Today we’re talking about two critical zero-day vulnerabilities that are working in concert with one another and being actively exploited. Let’s dive right in…
A zero-day vulnerability is a computer-software vulnerability that is unknown to those who would be interested in mitigating the vulnerability. Until the vulnerability is mitigated, hackers can exploit it to adversely affect computer programs, data, additional computers or a network. (source: Wiki)
Vulnerability #1 — Critical 0-day Chrome exploit. Google has already implemented a fix, but it is important to check to make sure that you are running the latest version of the Chrome browser.
To check which version of Chrome you are running, click the More icon (3 vertical dots) in the upper right corner of the Chrome browser. Hover over ‘Help’ and a submenu will appear. Select ‘About Google Chrome’. The version should read Version 72.0.3626.121 (Official Build). If it does not, update Chrome. To update Chrome, see: https://support.google.com/chrome/answer/95414
Vulnerability #2 — Critical 0-day Windows 7 exploit. Regular support for Windows 7 has already ended, but extended support continues until January 14, 2020. With that said, Windows 7 is old. It’s also vulnerable to this zero-day exploit.
Microsoft is working to fix the vulnerability. Apply Windows patches from Microsoft when they become available. If you are looking for an immediate fix, your only choice is to update to Windows 10. Or buy a Mac. Or use Linux. Or …
For additional information, see: https://security.googleblog.com/2019/03/disclosing-vulnerabilities-to-protect.html