google-chrome-update.png
(Credit: Screenshot: Tom Mcnamara/Download.com)

Cybersecurity firm SureCloud has announced that the Google Chrome web browser contains a security flaw that can allow an attacker to remotely gain unauthorized access to a local area network, but that the problem can be fixed by updating to version 69 of the browser.

SEE: Google One cloud storage and subscriber perks now available in U.S.

How to update your copy of Google Chrome

Windows: Click the three-dot menu button in the upper right, click Help near the bottom of the menu, and select About Google Chrome. In the next window, click the Check for Update button. If one is available, the download will begin. Once it's finished, you'll need to restart Chrome for the update to take effect.

Mac: From the Chrome menu, select About Google Chrome. On the Settings page, you'll see which version of Chrome you are using and whether you are up to date or need to update. If an update is available, tap Update Google Chrome and then tap Relaunch.

Note that the desktop version of Chrome 69 brings a visual refresh to the browser, so some things will look a little different. But it should behave in much the same way as before, just with tighter security.

Android: Open your Google Play Store app, tap the hamburger menu in the upper left, tap on My Apps & Games. If an update is available, it will show up in a section near the top labeled Updates Pending. Tap the Update button next to the entry for Chrome. If you had the Chrome browser open during the update, you'll need to close it for the change to take effect.

iOS: Open the App Store app, then tap the Updates tab at the bottom of the screen. Swipe down from the center of the screen to refresh your update list. If Chrome is listed here, tap the Update button to the right of its entry. If Chrome was open during the update, you'll need to close before the change can take effect.

FOLLOW Download.com on Twitter to keep up with the latest app news.

What the network security flaw was

In Chrome 68 and possibly earlier versions, there was an issue with stored credentials and unencrypted connections to a network router, which is the device that your PC, phone, and other devices use to connect to the Internet. Chrome and other browsers offer to save your usernames and passwords to make it easier to log into various websites, and many routers can be set up for remote access.

Unfortunately, this remote router access does not always use a secure connection. Instead of HTTPS, they may use regular HTTP. Since regular HTTP is not encrypted, an attacker could intercept the user name and password that Chrome stored for you, then use that login info to access to the router's functions, and to every device that uses it to connect to the Internet.

From there, an attacker can compromise the security of the router, redirect you to fake websites, and spy on your Internet connection.

Thankfully, updating to version 69 of Google Chrome fixes this issue. If you are using the Chrome-based Opera browser, however, we recommend switching to an alternative until an update is available.

The takeaways

  • Cybersecurity firm SureCloud reported that the Google Chrome web browser was vulnerable to a security flaw that could allow an attacker to remote access a network router.
  • SureCloud updated their report to say that updating to the newly released version 69 of the Chrome browser will address this flaw.

Also see

Tom McNamara is a Senior Editor for CNET's Download.com. He mainly covers Windows, mobile and desktop security, games, Google, streaming services, and social media. Tom was also an editor at Maximum PC and IGN, and his work has appeared on CNET, PC Gamer, MSN.com, and Salon.com. He's also unreasonably proud that he's kept the same phone for more than two years.