As you may be aware, Google has released an urgent update for its Chrome browser to fix a potential security problem.
The Australian Government’s Cyber Security Centre was sufficiently concerned to issue a general ‘Act Now’ alert on Monday.
How important is this update?
Very. Web-browsers are a particularly attractive target for cybercriminals as they are the gateway to so many valuable online resources – from email to banking. Vulnerable browsers can (and have) been used to empty bank accounts and take over all information on law firm networks.
Google has identified the vulnerability not only as a potential threat, but one that is actually being used by criminal groups to attack Chrome users.
What do you need to do?
Updating is fairly simple. It will often happen automatically when Chrome is closed then opened, but given the scope of the vulnerability, it is worth checking.
If your network’s browsers are centrally managed by your IT support/department:
- check with them that the update has been applied
- remind users that they need to shut down their browsers and restart their computers for all the updates to run properly. Users that never shut down their computers and leave them on need to be politely reminded that this is a Bad Thing, both as a fire and information security risk.
If your network’s browsers are managed on a machine-by-machine basis (and for people’s personal devices at home) either:
- ask your IT support to update them manually, including everyone working remotely, or
- Ask your users to do it. This is easy:
Step 1. Open Google Chrome and navigate to the three dots in the top-right corner.
Step 2. Select ‘Settings’ then ‘Safety Check’.
Step 3. Run ‘Safety Check’.
Step 4. Close and restart Chrome. Version 91.0.4472.114 should now be running. (A different number may apply to managed enterprise systems.)
If the Safety Check is warning you about other concerns, such as an insecure or compromised password, schedule time to query and follow up any issues.
Please ask staff to update their personal devices, as problems on home networks often spread to the office from documents sent between the two. Ideally this should not be happening, but in the real world it does, so keeping home networks secure is an important step in protecting your firm environment.