Urgent: The Homeland Security cybersecurity agency says everyone needs to update Google Chrome immediately, as attackers home in on new security flaws. Especially with the holiday shopping upon us.

These are not your common vulnerabilities, but rather ones known as (zero-days). A zero-day being a vulnerability that is being actively exploited by attackers while remaining unknown to the vendor or threat intelligence outfits. Once the vendor becomes aware of the security flaw, day zero, it can start to mitigate against exploitation but not before. The attackers, therefore, have a head start. We usually get details on patches in Chrome, but Google has temporarily withheld details of these latest flaws because both have been used in the wild as attack vectors. 

Department of Homeland Security urges users to update Google Chrome as attackers look to exploit. - 2020
Department of Homeland Security urges users to update Google Chrome as attackers look to exploit. - 2020 2

What do we know about these zero-day Chrome flaws?

The latest two zero-days to be discovered are classed as high-severity in nature and affect Chrome for Windows, Mac, and Linux. Details about the security loopholes remain sparse, although the tech giant did disclose that both are classified as high-severity and were reported by external researchers who wish to remain anonymous.

The precise details of CVE-2020-16013 and CVE-2020-16017 have not yet been made public as Google restricts access to such information until the majority of users have updated.

However, the Department of Homeland Security cybersecurity agency, CISA, has advised that an attacker "could exploit one of these vulnerabilities to take control of an affected system."

UPDATE NOW. STAY SAFE.