Chrome and Edge under hacker attack — what to do now
Emergency patches fix just one very serious flaw
UPDATED Tuesday, March 29 to clarify patch status of Vivaldi.
You'll need to make sure Google Chrome and Microsoft Edge are fully up-to-date on your Windows, Mac or Linux PC, because hackers are using a just-fixed zero-day flaw to attack the browsers.
It's not clear who's doing the attacking, but Google in a blog post Friday (March 25) drily noted that "an exploit for CVE-2022-1096," the vulnerability in question, "exists in the wild."
That's the acceptably understated way to sound a red alert, though the fact that this security update fixes just that one flaw underlines how serious the vulnerability must be. Microsoft was similarly subdued in its own post Saturday (March 26).
Chrome needs to be updated to version 99.0.4844.84, as does the closely related Brave browser. Edge needs to be updated to version 99.0.1150.55. However, the Opera and Vivaldi browsers, which also derive from the open-source Chromium project, did not seem to have incorporated the update at the time of this writing.
[Correction: A reader tweeted us to point out that Vivaldi had indeed included the security patch as part of its update based on the 98.0.4758.141 Extended Stable Channel desktop version of Chromium. We should have thought of that, and we're checking to see if Opera is based on the same ESC update. Tom's Guide regrets the error.]
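The correction above shows why a single "99.0.4844.84 or later" threshold misreports Extended Stable builds as unpatched. The following is an added example (not from Google, Microsoft or the article's author) of a per-branch version check; the inventory rows and the `is_patched`/`audit` helpers are hypothetical, and it assumes each row records the Chromium version the browser reports.

```python
import re

# Fixed builds named in the article, keyed by major version (release branch).
# Chromium-numbered browsers are patched on either branch: Stable 99.x or
# Extended Stable 98.x. Edge uses its own numbering.
CHROMIUM_FIXED = {99: (99, 0, 4844, 84), 98: (98, 0, 4758, 141)}
EDGE_FIXED = {99: (99, 0, 1150, 55)}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from strings like 'Google Chrome 99.0.4844.84'."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no four-part version in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_patched(product, version_text):
    """Compare against the fixed build for the same branch, not one global floor."""
    version = parse_version(version_text)
    fixed = EDGE_FIXED if product == "edge" else CHROMIUM_FIXED
    if version[0] > max(fixed):
        return True  # assumption: majors newer than the fixed branch carry the fix
    floor = fixed.get(version[0])
    # Branches with no known fixed build are reported as unpatched.
    return floor is not None and version >= floor


def audit(inventory):
    """Return the hosts whose browser build predates the fix for its branch."""
    return [host for host, product, ver in inventory if not is_patched(product, ver)]


# Constructed sample inventory: host, product, reported version string.
INVENTORY = [
    ("ws-01", "chrome", "Google Chrome 99.0.4844.84"),
    ("ws-02", "chrome", "Google Chrome 99.0.4844.82"),
    ("ws-03", "vivaldi", "98.0.4758.141"),   # Extended Stable, patched
    ("ws-04", "brave", "98.0.4758.102"),
    ("ws-05", "edge", "Microsoft Edge 99.0.1150.46"),
    ("ws-06", "edge", "99.0.1150.55"),
    ("ws-07", "chrome", "100.0.4896.60"),
]

if __name__ == "__main__":
    print("Needs update:", audit(INVENTORY))
```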
Watch out for evil websites
The flaw was described by Google as "type confusion in V8," the JavaScript rendering engine used by Chromium-based browsers, and given a severity rating of "High."
Neither Google nor Microsoft has released more details, but odds are that a maliciously designed website or image will be able to use a browser to attack the computer it runs on.
It's not clear whether Macs and Linux boxes are as affected as Windows PCs by this flaw, but the flaw likely existed in Chromium-based browsers on all three platforms.
There's no word yet on whether the Chrome apps for Android and iOS are affected. Those apps are sufficiently different from the desktop versions of Chrome, and from each other, that they sometimes don't get the same bugs. You should keep them updated regardless.
Mozilla Firefox and Apple Safari use different codebases and are usually not affected by Chromium flaws.
On Windows and Mac, Chrome and its relatives generally will update themselves upon launching. If your browser has been open for a few days, relaunch it to trigger an update.
Some Linux distributions, including Ubuntu and its derivatives, bundle Chrome and Chromium updates into their daily update packages.
How to update Chrome, Edge and Brave
To be sure your browser is fully up-to-date on a Mac or PC, you have to take slightly different steps for Brave, Chrome and Edge.
In Google Chrome, use your mouse cursor (or your finger if you're on a touchscreen) to click the three vertical dots at the top right of the browser toolbar, then scroll down to and hover your cursor over Help in the menu that appears.
A fly-out menu will appear; click on "About Google Chrome," and Chrome will open a new tab listing your version number. If your browser needs an update, this tab will automatically begin the process and then prompt you to relaunch. This is also how you upgrade to the newly-released Chrome 100.
In Microsoft Edge, click the three horizontal dots at the top right of the browser toolbar, then scroll down to and hover your cursor over "Help and feedback" in the menu that appears.
A fly-out menu will appear; click on "About Microsoft Edge," and Edge will open a new tab listing your version number. If your browser needs an update, this tab will automatically begin the process and then prompt you to relaunch.
In Brave, click the three vertical lines at the top right of the browser toolbar, then scroll down to and click "About Brave" in the menu that appears. A new tab will open listing your version number, and an update will begin automatically if you need one.
How to update Opera and Vivaldi
Opera and its descendant Vivaldi do updates a bit differently from the others.
In Opera, click the big O icon at the top left of the screen, then scroll down to and click "Update and Recovery." A new tab will open listing the version number, accompanied by a button labeled "Check for update." You'll want to click that button.
In Vivaldi, click the big V icon at the top left of the screen, scroll down to and click Help, then click "Check for updates."
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.