Google Chrome issues critical security warning for 2 billion users: Here's the fix

(Image credit: Anadolu Agency/Getty Images)

Google revealed a "critical" security vulnerability in Chrome last weeks but remained tight-lipped about what exactly had gone wrong. We now have an idea, and "critical" is putting it lightly. 

Sophos security researcher Paul Duckling wrote in a blog post that the fix in Chrome version 81.0.4044.113 patches a vulnerability that lets attackers avoid Chrome's usual security checks (via Tom's Guide). It also bypasses what Duckling calls "are you sure" dialog boxes -- those pop-ups that appear when you might be approving something you shouldn't. 

The one detail Google provided in its security notice is that the bug is what's called a "use after free" exploit. These memory corruption vulnerabilities can be used by hackers to run malicious code by taking control of memory after it has been freed for other apps to use. 

In the case of this Chrome flaw, the use after free exploit would let a bad actor "change the flow of control inside your program, including diverting the CPU to run untrusted code that the attacker just poked into memory from outside," Duckling wrote. 

Google marked this vulnerability as "critical," which means attacks can be conducted remotely, or without an attacker gaining physical access to a system. If the flaw was present in all versions of Chrome, it could impact the two billion people who use Chrome as their preferred browser.

Google Chrome bug: How to protect yourself

This is all scary stuff but there is some good news. Google is expected to roll out the patch for Windows, Mac and Linux over the coming days and weeks.

Protecting your laptop or desktop is as simple as updating Chrome once the update comes through. To do so, press on the three vertical dots in the top-right corner of the browser. Choose Settings and select About Chrome on the left side of the screen. Chrome will automatically run a check for the latest version and update your browser (save your work because Chrome will relaunch once it's done updating). 

If you're running Chrome version 81.0.4044.113 or later then you're safe. If you aren't, then continue checking for updates or enable automatic updates so you get crucial security patches as early as possible.

Phillip Tracy

Phillip Tracy is the assistant managing editor at Laptop Mag where he reviews laptops, phones and other gadgets while covering the latest industry news. After graduating with a journalism degree from the University of Texas at Austin, Phillip became a tech reporter at the Daily Dot. There, he wrote reviews for a range of gadgets and covered everything from social media trends to cybersecurity. Prior to that, he wrote for RCR Wireless News covering 5G and IoT. When he's not tinkering with devices, you can find Phillip playing video games, reading, traveling or watching soccer.

Latest in Antivirus & Cyber-security
TP-Link routers targeted by Chinese state-sponsored cyber attacks
TP-Link routers may face nationwide ban after 'significantly alarming' link to US cyberattacks
What is a VPN kill switch — and why you should use one
You need a VPN for school, here are 3 services we recommend
The AMD Ryzen and NVIDIA RTX stickers on the Acer Nitro 17
'You basically have to throw your computer away': Researchers explain AMD 'Sinkclose' vulnerability, but do you need to worry?
Google Search
This malware is posing as Google Authenticator using Google ads — here's how to protect yourself
Windows 10 BSOD saying "It's not you, it's me."
Microsoft reveals CrowdStrike outage could have a surprising long-term impact on everyday users
MANILA, PHILIPPINES - JULY 19: Long queues of passengers form at the check-in counters at Ninoy Aquino International Airport, amid a global IT disruption caused by a Microsoft outage and a Crowdstrike IT problem, on July 19, 2024 in Manila, Philippines. A significant global outage affecting Microsoft services, particularly Microsoft 365, has caused widespread disruptions across various sectors, including airlines, banks, and health systems. The outage was attributed to a glitch in CrowdStrike's "Falcon Sensor" software, which impacted Windows systems, leading to thousands of flight cancellations and operational chaos in multiple industries. Microsoft has reported that the underlying cause of the outage has been fixed, but residual effects continue to impact some users as the company works on full recovery. (Photo by Ezra Acayan/Getty Images)
The CrowdStrike outage spotlights major vulnerabilities in the global information ecosystem
Latest in News
A close-up of a light-colored computer keyboard shows the keys T, Y, G, and H replaced by the logos of OpenAI, DeepSeek, Grok, and Gemini, the leading competitors in the artificial intelligence market. This serves as a visual metaphor for the intense rivalry and innovation in the AI industry. (Photo by Matteo Della Torre/NurPhoto via Getty Images)
Is generative AI inadvertently reducing the voices of many to the banality of one?
WWDC 2025 could mark the beginning of the end for certain iPhone users
Error when installing Google Chrome on the Asus Vivobook 16 Flip, on a white desk against a blue background.
"This app can't run on your PC": Google's Chrome Installer broke on Windows, but there's a fix
Nintendo Switch 2 handheld gaming console
Nintendo Switch 2 preorder date: It might be a lot closer than you think, say tipsters
Microsoft Surface Laptop (7th Edition, 2024)
Windows-on-Arm woes: Amazon warns customers about Surface laptop returns
Apple Watch Series 8
Siri is the biggest obstacle to making the Apple Watch an AI hit