"Reported by Clement Lecigne of Google's Threat Analysis Group on 2019-02-27", the update reveals.
The flaw, which resides in the Windows win32k.sys kernel driver, gives attackers a means to break out of security sandboxes that Chrome and most other browsers use to keep untrusted code from interacting with sensitive parts of an OS.
Google is calling this a "zero-day" vulnerability, meaning that the bad guys figured out how to exploit it before the good guys were able to find and patch it.
If you are reading this, there is a good chance you are doing so on a Chrome browser, based on the available market share data. If you'd like to trigger a manual update, you can click the three dots in the upper-right corner of the window, select "Help" and "About Chrome".
Pacific nations may boycott Rugby World Cup
The shake-up would see the Six Nations and Rugby Championship sides form a league with the addition of the United States and Japan .
"The vulnerability is a NULL pointer dereference in win32k!MNGetpItemFromIndex when NtUserMNDragOver () system call is called under specific circumstances", he added.
Google also alerted users to another exploit affecting the Windows operating system. The practice allows companies like Google to notify users, and roll out updates, without tipping off any potential bad actors. That's a departure from many Chrome patches, which work as soon as they're installed. It is up to users to update their browser.
If they haven't already, desktop Chrome users are urged to upgrade to v72.0.3626.121, Android users to v72.0.3626.121, and Chrome OS users to v72.0.3626.122.
A warning by Justin Schuh comes in a form of a #PSA or a "Public Service Announcement", according to the engineer, while Google explained that "access to bug details and links may be kept restricted until a majority of users are updated with a fix".