Update: Google issues urgent security fix for Chrome — update right now.
If you use the Google Chrome browser, you’re advised to stop what you’re doing and update immediately. Google has published a security advisory that accompanied the release of Chrome 100.0.4896.127 for Windows, Mac and Linux warning of a high-severity zero-day flaw that’s actively being exploited by hackers.
“Google is aware that an exploit for CVE-2022-1364 exists in the wild,” the company wrote.
For obvious reasons, Google is cagey about the exact nature of the vulnerability. These things are typically fully outlined only once the vast majority of people are protected from it, in order to blunt the risk of an attack.
But what we do know is that CVE-2022-1364 is a so-called “confusion” weakness in Chrome’s V8 JavaScript engine. This type of flaw often leads to browser crashes by reading or writing memory of out buffer bounds, but the high severity label for this specific bug suggests that it could be the rarer kind that allows attackers to execute damaging code.
The Google Threat Analysis team’s Shane Huntley reported that the exploit was discovered by his teammate Clément Lecigne, and the fix was implemented within 24 hours. Notably, it’s the third zero-day threat fixed in 2022, after CVE-2022-0609 and CVE-2022-1096 were squashed earlier this year.
Another Chrome 0day (CVE-2022-1364) in the wild found by @_clem1 . Reported to Chrome yesterday and updated release out now: https://t.co/JIboCmb0yJIncredibly impressive how fast @googlechrome is getting at rolling out fixes.April 14, 2022
How to update Chrome now
While Google says that the update to 100.0.4896.127 will be rolled out in the coming days and weeks, given the risks involved, we’d suggest you ensure you have it as soon as it’s available.
In Google Chrome, use your mouse cursor (or your finger if you're on a touchscreen) to click the three vertical dots at the top right of the browser toolbar, then scroll down to and hover your cursor over Help in the menu that appears.
A fly-out menu will appear; click on "About Google Chrome," and Chrome will open a new tab listing your version number. If your browser needs an update, this tab will automatically begin the process and then prompt you to relaunch.
Assuming the vulnerability is universal to all Chromium-based browsers, we should also see the likes of Microsoft Edge, Brave, Opera and Vivaldi all seeing patches of their own in the near future, so keep an eye out if you’re outside of Chrome.
