Google developers have patched a high risk vulnerability in the latest version of Chrome. Details on the vulnerability are not provided other than it’s a “Use-after-free in GPU” vulnerability. Users on Linux, macOS and Windows are all advised to update to 70.0.3538.110.
It’s likely that all Chrome versions prior to version 70.0.3538.110 are vulnerable.
If attackers abuse the vulnerability, that has received CVE number, CVE-2018-17479, it’s possible for attackers to initiate a memory-use-after-free error in the GPU. This can lead to execution of malicious code. Google has classified the risk of attack as “high”.
The developers will disclose more details on the vulnerability and the possible attacks once the majority of Chrome users has the latest version installed.
Chrome can be updated by going to Customize and control Google Chrome (the three dots on the top right) -> Help -> About Google Chrome. As usual, also this update requires Chrome to be restarted for the update to complete.