Chrome Update to Fix Zero-Day
Google has issued its third urgent update for Chrome, one that patches another zero-day vulnerability in the highly-used desktop web browser.
Released on Thursday, the Stable Channel Update for Google Chrome’s desktop variant brings the browser to version 100.0.4898.127, on macOS, Windows, and Linux. According to Google, the update will roll out over the coming days and weeks, but users may want to force the update earlier.
Google is rolling out version 100.0.4896.127 of its Chrome browser for Windows, Mac, and Linux as an emergency update to patch a high-severity zero-day vulnerability — reports The Register.
The bug in question reckons to be a high-severity zero-day, actively being used by attackers. Once performed, it can cause a browser to crash or trigger an error, which has the potential to allow arbitrary code to execute.
The bug is similar to an issue that Google patched on March 26, which involved another “type confusion” weakness in Chrome’s V8 JavaScript engine. But, again, the latest exploit uses the same vector of the V8 JavaScript engine.
Google says it is “aware that an exploit for CVE-202201364 exists in the wild,” a factor that contributed to the quick creation of a fix. However, rather than provide explicit details of the bug, Google says it restricts access to that information until “a majority of users are updated” and therefore protected.
This is the third Chrome zero-day Google has patched so far this year. Google last month issued an emergency update to fix CVE-2022-1096, which was also being actively exploited.
The update to the new version can be performed automatically for the user. However, it can manually execute in macOS by selecting “Chrome” in the main menu followed by “About Google Chrome.” Once the update is downloaded, click “Relaunch.”