All Posts by Date or last 15, 30, 90 or 180 days.
also by Lloyd: diglloyd.com photography and WindInMyFace.com

Links on this site earn me fees or commissions.
As an Amazon Associate I earn from qualifying purchases @AMAZON

Other World Computing...
B&H Photo...
Get all the tools you need to upgrade the factory HDD of any 2009-2019 iMac to a larger HDD or a modern SSD.
Memory Upgrades for 2019 Mac Pro - Save Up to 65% vs Factory Costs

SEVERE Security Issue: Google Chrome Might Claim Current Version When Actually Out-of-Date and At-Risk

2019-03-11 - SEND FEEDBACK

Related: security

In the screen shot below, the About Google Chrome window claims that Chrome is up to date. But Chrome is actually way out of date as the current version of Google Chrome (as of today) is Version 72.0.3626.121 — much newer. Yet the status reports up-to-date.

The implication is simple, but dire: a Google Chrome high severity security bug gone unfixednd will remain so unless the user manuall updates.

Without updates, bugs like the recent high security CVE-2019-5786 severe security bug will not get fixed because Chrome thinks it is up to date, thus exposing the user to security risks going back to the last manual download (which is the only way I was able to update Chrome).

Unlike most security bugs, the attack potential of bug fix in Google Chrome for CVE-2019-5786 was not theoretical; Google states “under active attacks” at the time of the patch.

Updating Chrome manually

Compare the versions before/after*. This is a surefire method since the latest version, downloaded manually, ensures it really is the latest.

  1. Open About => About Google Chrome and check the version.
  2. Download the latest version at https://www.google.com/chrome/. Use Safari if necessary, using Chrome to download Chrome failed instantly and 100% of the time. Perhaps it is related to the failure to detect the current version, a double bug.
  3. Compare version numbers.

* Amazingly, Google doesn't list version numbers on that download page.

It would be a reasonable position to not run Chrome at all given the risk of running an out-of-date browser well months beyond when the publicly details of Zero-day exploits have been released.

Chrome is actually way out of date — actual version is 72.0.3626.121

Not a fluke

I’ve seen false version status bug for years now, so it’s not a one-off, and it’s not related to mac OS High Sierra vs mac OS Sierra. I sent feedback within Chrome, I wonder if it will get addressed. I can see how automatic updates could fail, but it’s just insane that one can manually check for updates and that fails to display the most current available version. That’s really, really BAD.

As with all bugs, something must trigger it and most likely that trigger is lacking for most users. But it’s a virtual impossibility that I am the only one having this issue with Chrome. Whether it is 1 in 100 or 1 in 1000 whatever, I have no idea. Anyone experiencing this bug is at risk.

View all handpicked deals...

TASCAM TM-280 Studio Microphone with Flight Case, Shockmount, and Pop Filter
$199 $114
SAVE $85

diglloyd.com | Terms of Use | PRIVACY POLICY
Contact | About Lloyd Chambers | Consulting | Photo Tours
Mailing Lists | RSS Feeds | Twitter
Copyright © 2020 diglloyd Inc, all rights reserved.
Display info: __RETINA_INFO_STATUS__