All Posts by Date or last 15, 30, 90 or 180 days.
also by Lloyd: diglloyd.com photography and WindInMyFace.com

As an Amazon Associate I earn from qualifying purchases @AMAZON

Consult with Lloyd: cameras, computers, backup, etc...
Lloyd’s Patreon
Designed for the most demanding needs of photographers and videographers.
Connect and charge all of your devices through a single Thunderbolt or USB-C port.
Newly In Stock: SEE ALL...
Sony Mirrorless wish listDeals on Sony
$2997 Nikon Z7 II Mirrorless Camera OUT OF STOCK in Cameras: Mirrorless
$2297 Nikon D780 DSLR OUT OF STOCK in Cameras: DSLR
$2997 Nikon D850 DSLR OUT OF STOCK in Cameras: DSLR
$610 SAVE $110 = 15.0% ZEISS 32mm f/1.8 Touit Lens for FUJIFILM X OUT OF STOCK in Lenses: Mirrorless
$497 Pentax 70mm f/2.4 HD Pentax DA Limited IN STOCK in Lenses: DSLR

SEVERE Security Issue: Google Chrome Might Claim Current Version When Actually Out-of-Date and At-Risk

2019-03-11 • SEND FEEDBACK |
Related: security

In the screen shot below, the About Google Chrome window claims that Chrome is up to date. But Chrome is actually way out of date as the current version of Google Chrome (as of today) is Version 72.0.3626.121 — much newer. Yet the status reports up-to-date.

The implication is simple, but dire: a Google Chrome high severity security bug gone unfixednd will remain so unless the user manuall updates.

Without updates, bugs like the recent high security CVE-2019-5786 severe security bug will not get fixed because Chrome thinks it is up to date, thus exposing the user to security risks going back to the last manual download (which is the only way I was able to update Chrome).

Unlike most security bugs, the attack potential of bug fix in Google Chrome for CVE-2019-5786 was not theoretical; Google states “under active attacks” at the time of the patch.

Updating Chrome manually

Compare the versions before/after*. This is a surefire method since the latest version, downloaded manually, ensures it really is the latest.

  1. Open About => About Google Chrome and check the version.
  2. Download the latest version at https://www.google.com/chrome/. Use Safari if necessary, using Chrome to download Chrome failed instantly and 100% of the time. Perhaps it is related to the failure to detect the current version, a double bug.
  3. Compare version numbers.

* Amazingly, Google doesn't list version numbers on that download page.

It would be a reasonable position to not run Chrome at all given the risk of running an out-of-date browser well months beyond when the publicly details of Zero-day exploits have been released.

Chrome is actually way out of date — actual version is 72.0.3626.121

Not a fluke

I’ve seen false version status bug for years now, so it’s not a one-off, and it’s not related to mac OS High Sierra vs mac OS Sierra. I sent feedback within Chrome, I wonder if it will get addressed. I can see how automatic updates could fail, but it’s just insane that one can manually check for updates and that fails to display the most current available version. That’s really, really BAD.

As with all bugs, something must trigger it and most likely that trigger is lacking for most users. But it’s a virtual impossibility that I am the only one having this issue with Chrome. Whether it is 1 in 100 or 1 in 1000 whatever, I have no idea. Anyone experiencing this bug is at risk.

View all handpicked deals...

HP 17.3" OMEN 17-ck2059nr Gaming Laptop
$3319 $3319
SAVE $click

diglloyd.com | Terms of Use | PRIVACY POLICY
Contact | About Lloyd Chambers | Consulting | Photo Tours
Mailing Lists | RSS Feeds | X.com/diglloyd
Copyright © 2020 diglloyd Inc, all rights reserved.
Display info: __RETINA_INFO_STATUS__