It’s common practice when bugs are disclosed to not immediately share details of how they work until a majority of users have a security patch. The practice allows companies like Google to notify users, and roll out updates, without tipping off any potential bad actors.

While little is known about how the threat, called CVE-2019-5786, works, Justin Schuh, Google’s Chrome engineering and security desktop lead, tweeted on Tuesday that everyone should update their Chrome browser “right this minute” on every device.

https://twitter.com/justinschuh/status/1103087046661267456?s=20

Google Chrome updates are usually automatic, however they don’t always roll out to everyone, all at once. If you’d like to trigger a manual update, you can click the three dots in the upper-right corner of the window, select “Help” and “About Chrome.” This will tell users whether their browser is updated or if they need to restart their device to trigger the updated, patched version of the browser.