Google Chrome emergency update patches 0-day vulnerability | #macos | #macsecurity


Google released a Chrome web browser update to address a security issue in the browser that is actively exploited in the wild.

Chrome 100.0.4896.127 has been released for all supported desktop operating systems — Windows, Mac and Linux — to address the issue. The update is being rolled out over time as usual, but Chrome users may speed up the installation in the following way:

  • Select Chrome Menu > Help > About Google Chrome, or load chrome://settings/help directly.

The page displays the installed browser version. A check for updates is performed when the page is opened in the browser. Chrome should download and install the update automatically at that point.

Google announced the release on the company’s Chrome Releases blog, but did not provide many details on the issue. The vulnerability is listed with a severity rating of high, the second-highest after critical. It is a Type Confusion in V8 issue, Chrome’s JavaScript engine. These type of vulnerabilities may lead to the execution of arbitrary code, and it appears that this is the case for the vulnerability that Google disclosed on the blog.

The company notes that it is aware of an exploit that is actively used against the vulnerability:

Google is aware that an exploit for CVE-2022-1364 exists in the wild.

Google did not provide specifics; this is common, as companies that release security patches want updates to be rolled out to the majority of users and devices first. The premature release of information could result in the creation of exploits by other malicious actors.

Google released three zero-day vulnerability updates for its Chrome web browser this year. Other Chromium-based web browsers may also be affected by the issue. Security updates for these web browsers will likely be released soon, provided that the issue affects these browsers as well.

Chrome users may want to upgrade their browser as soon as possible to protect it against attacks that target the 0-day vulnerability. Users who use other Chromium-based browsers may want to check for updates or news regularly to make sure their browsers do get patched as well.

Summary

Google Chrome emergency update patches 0-day vulnerability

Article Name

Google Chrome emergency update patches 0-day vulnerability

Description

Google released a Chrome web browser update to address a security issue in the browser that is actively exploited in the wild.

Author

Martin Brinkmann

Publisher

Ghacks Technology News

Logo

Advertisement



Original Source link

Leave a Reply

Your email address will not be published.

− one = five