Google released an update to the Chrome web browser to address a security issue in the browser that is being actively exploited in the wild.
Chrome 100.0.4896.127 has been released for all supported desktop operating systems (Windows, Mac, and Linux) to fix the issue. The update will roll out over time as usual, but Chrome users can speed up the installation by:
- Select Chrome Menu > Help > About Google Chrome, or load chrome://settings/help directly.
The page displays the installed browser version. A check for updates is performed when the page is opened in the browser. Chrome should automatically download and install the update at that point.
Google announced the release on the company’s Chrome Releases blog, but didn’t provide many details on the subject. The vulnerability is listed with a severity rating of High, the second highest after Critical. It’s a Type Confusion issue in V8, Chrome’s JavaScript engine. These types of vulnerabilities can lead to the execution of arbitrary code, and it seems that this is the case with the vulnerability that Google disclosed in the blog.
The company notes that it is aware of an exploit that is actively used against the vulnerability:
Google is aware that an exploit for CVE-2022-1364 exists in the wild.
Google did not provide details; this is common, as companies that release security patches want the updates to be rolled out first to the majority of users and devices. Premature publication of information could result in the creation of exploits by other malicious actors.
Google released three zero-day vulnerability updates for its Chrome web browser this year. Other Chromium-based web browsers may also be affected by the issue. Security updates for these web browsers are likely to be released soon, provided that the issue also affects these browsers.
Chrome users may want to update their browser as soon as possible to protect against attacks targeting the zero-day vulnerability. Users using other Chromium-based browsers may want to check for updates or news regularly to make sure their browsers are patched as well.
advertising