You’ll need to make sure Google Chrome and Microsoft Edge are fully up-to-date on your Windows, Mac or Linux PC, because hackers are using a just-fixed zero-day flaw to attack the browsers.
It’s not clear who’s doing the attacking, but Google in a blog post Friday (March 25) drily noted that “an exploit for CVE-2022-1096,” the vulnerability in question, “exists in the wild.”
That’s the acceptably understated way to sound a red alert, though the fact that this security update fixes just that one flaw underlines how serious the vulnerability must be. Microsoft was similarly subdued in its own post Saturday (March 26).
Chrome needs to be updated to version 99.0.4844.84, as does the closely related Brave browser. Edge needs to be updated to version 99.0.1150.55. However, the Opera and Vivaldi browsers, which also derive from the open-source Chromium project, did not seem to have incorporated the update at the time of this writing.
Watch out for evil websites
Neither Google or Microsoft have released more details, but odds are that a malicious designed website or image will be able to use a browser to attack the computer it runs on.
It’s not clear whether Macs and Linux boxes are as affected as Windows PCs by this flaw, but the flaw likely existed in Chromium-based browsers on all three platforms.
There’s no word yet on whether the Chrome apps for Android and iOS are affected. Those apps are sufficiently different from the desktop versions of Chrome, and from each other, that they sometimes don’t get the same bugs. You should keep them updated regardless.
Mozilla Firefox and Apple Safari use different codebases and are usually not affected by Chromium flaws.
On Windows and Mac, Chrome and its relatives generally will update themselves upon launching. If your browser has been open for a few days, relaunch it to trigger an update.
Some Linux distributions, including Ubuntu and its derivatives, bundle Chrome and Chromium updates into their daily update packages.
How to update Chrome, Edge and Brave
To be sure your browser is fully up-to-date on a Mac or PC, you have to take slightly different steps for Brave, Chrome and Edge.
In Google Chrome, use your mouse cursor (or your finger if you’re on a touchscreen) to click the three vertical dots at the top right of the browser toolbar, then scroll down to and hover your cursor over Help in the menu that appears.
A fly-out menu will appear; click on “About Google Chrome,” and Chrome will open a new tab listing your version number. If your browser needs an update, this tab will automatically begin the process and then prompt you to relaunch.
In Microsoft Edge, click the three horizontal dots at the top right of the browser toolbar, then scroll down to and hover your cursor over “Help and feedback” in the menu that appears.
A fly-out menu will appear; click on “About Microsoft Edge,” and Edge will open a new tab listing your version number. If your browser needs an update, this tab will automatically begin the process and then prompt you to relaunch.
In Brave, click the three vertical lines at the top right of the browser toolbar, then scroll down to and click “About Brave” in the menu that appears. A new tab will open listing your version number, and an update will begin automatically if you need one.
How to update Opera and Vivaldi
Opera and its descendant Vivaldi do updates a bit differently from the others.
In Opera, click the big O icon at the top left of the screen, then scroll down to and click “Update and Recovery.” A new tab will open listing the version number, accompanied by a button labeled “Check for update.” You’ll want to click that button.
In Vivaldi, click the big V icon at the top left of the screen, scroll down to and click Help, then click “Check for updates.”