If you're one of the roughly 70 per cent of people using the world's most popular Google Chrome browser, you really need to make sure it's up to date.

Google quietly announced there are three active vulnerabilities in the browser, including one that is being actively exploited.

The holes have been plugged in the latest release of Google Chrome but that won't help you if you don't update.

In a blog post Monday, Google revealed older Chrome versions have three bugs that leave it open to malicious code.


Two of those were found by security researchers from Mozilla (who make the competing Firefox browser) and by Google itself.

The other, for which there is "an active exploit in the wild", was found by Google's own threat analysis team.

"We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel."

Google Chrome test engineer Krishna Govind said.

An update is rolling out in "the coming days/weeks" for Windows, Mac and Linux installations, but might not yet be available for everyone.

To check your Chrome version, click on the three dots in the top right corner, go down to the Help tab and click "About Chrome".

You want to see Version 80.0.3987.122 or higher.

If you see a lower version you should be able to relaunch your browser to update it.


Google suggests tools that detect security bugs such as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL, which the company also uses. But these can be complex to understand.

Until an update becomes available for you, switching to a different web browser such as Microsoft Edge (don't worry, it's not as bad as internet Explorer was), Apple's Safari or Mozilla Firefox is probably the safest option.