A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution, oh yes I mean each and every word on this sentence. Chrome just fixed it though.
The security bug would give fraudsters legitimate rights to install programs, edit data or even create new accounts by users, by being redirected to a shady website on the vulnerable version of the browser.
The bug is part of Blink, the browser engine Chrome functions on and has already been patched. Updating to the latest Chrome version 76.0.3809.132 will get rid of the vulnerability, so if you are one of those users that always leave their browser open on their devices so that you can keep track of the tabs you have active just restarting Chrome once will automatically install the update that has already been downloaded in the background.
The vulnerability has been discovered in the desktop version of the browser and not in any of the smartphone versions. So no matter which operating system you use, if you are a Chrome user it is a good idea to update it. According to the Chrome Releases blog post, the vulnerability was found by Luyao Liu and Zhe Jin from Chengdu Security Response Center of Qihoo 360 Technology under Google’s Bug Bounty program. The duo received a $5,500 reward for finding the vulnerability.