In response to yet another zero-day vulnerability in the widely used desktop web browser Chrome, Google has released its third Chrome security update. The Stable Channel Update for Google Chrome’s desktop version was released on Thursday, bringing the browser’s version numbers up to 100.0.4898.127 for macOS, Windows, and Linux systems alike.
It contains a pair of security patches, one of which addresses a “type confusion” vulnerability, which has been assigned the CVE-2022-1364 designation. According to a source, the weakness was first spotted on April 13 by a member of the Google Threat Analysis Group, and Google responded swiftly by issuing a patch.
Google Launches an Emergency Chrome Update
The vulnerability in question is believed to be a high-severity zero-day vulnerability that attackers are actively exploiting at the time of this writing. Using arbitrary code, it has the capability of bringing down a browser or producing an error, allowing for the execution of arbitrary code.
In the words of Google, the company is “aware that an exploit for CVE-202201364 exists in the wild,” which helped to expedite the development of a fix. As an alternative to releasing specifics about the problem, Google has stated that it will restrict access to that information until “the vast majority of users have been updated” and are therefore protected.
Automatic updates are available, but users may also manually update their browser on Mac OS X by selecting “Chrome” from the main menu and then “About Google Chrome” from the drop-down menu. After the update has been downloaded, select “Relaunch” to restart the programme.
Emergency Chrome Update to Fix Zero-day Vulnerability
The hole is identical to one that Google patched on March 26 in Chrome’s V8 JavaScript engine, which had another “type misunderstanding” flaw, which was also patched on the same day. A variant of the V8 JavaScript engine vector is used in the newest exploit. The Center for Internet Security (CIS) states that:
