Why You Need to Update Google Chrome ASAP… Again
If you think you’re feeling déjà vu after reading this headline, you’re not: Google has reported yet another zero-day vulnerability affecting Chrome and, by extension, all of its users. Luckily, there is now a fix: Google released a security report on Thursday, April 14, which says the company has updated Chrome to a new build 100.0.4896.127 to fix this newly discovered vulnerability.
What is the latest security vulnerability in Google Chrome?
The vulnerability, designated CVE-2022-1364, is a type confusion vulnerability in the V8 JavaScript engine. This particular problem occurs when a piece of code does not check the type of an object before using it. Usually, this type confusion simply crashes the browser, but if detected, attackers can exploit this vulnerability. This was reported by Clément Lesin of the Google Threat Intelligence Team on Wednesday, April 13, which means that Google fixed the issue within 24 hours.
Unfortunately for the entire Chrome community, Google has confirmed that such an exploit for CVE-2022-1364 exists in the wild. This means that someone somewhere is aware of the flaw and figured out how to use it against others. When there is an exploit available for a zero-day vulnerability, developers need to fix it as soon as possible.
Why is Chrome still not fixed?
While the fix is complete, Google hasn’t released it to all Chrome users yet. The rollout will happen in the coming days and weeks, meaning you might not see it for some time, the company says. However, due to the severity of the situation, we recommend that you frequently check for updates until they are available in your browser.
To check this, click on the three dots at the top right corner of your browser window, select ” Help “, then select ” About Google Chrome “. Give Chrome some time to find a new update. If it’s available, you’ll see it here. After installing the update, Chrome will restart with CVE-2022-1364 protection.
[ Tom’s Guide ]