It may be time to update your copy of Google Chrome again.
Google has issued its third urgent update for Chrome, one that patches another zero-day vulnerability for its web browser.
The update, which stands at version 100.0.4898.127, was released on Thursday in the Stable Update Channel for Google Chrome, and applies to the macOS, Windows, and Linux versions of the browser. Google has stated that the update will roll out over the coming days and weeks, albeit users may want to force the update earlier.
The update includes a pair of security fixes, including a “type confusion” vulnerability designated as CVE-2022-1364. The bug was reported by a member of the Google Threat Analysis Group on April 13, with Google rapidly bringing out a fix for it.
The bug in question, once performed, can cause either a browser to crash or trigger an error, which then has the power to allow arbitrary code to be executed.
The type of bug is similar to an issue that Google patched on March 26, which involved another “type confusion” weakness in Chrome’s V8 JavaScript engine. Again, the latest exploit uses the same vector of the V8 JavaScript engine.
Google has stated that the company “is aware that an exploit for CVE-202201364 exists in the wild,” a factor that contributed to the quick creation of a fix. While Google has held off on providing explicit details of the bug, it has stated that it is restricting access to that information until “a majority of users are updated” and therefore protected.
The update to the new version can be performed automatically for the user, though it can be manually performed in macOS by selecting “Chrome” in the main menu followed by “About Google Chrome.” Once the update has been downloaded, click “Relaunch.”
If you’ve tried the updated version of Google Chrome, please let us know about your experience in the comments.
Via AppleInsider and The Register