Google has published an emergency update for Chrome to address a high-severity zero-day vulnerability that is being actively exploited in the wild.
According to a new security alert published by Google, the business is aware of an exploit for this critical vulnerability, dubbed CVE-2022-1364.
The bug is a confusion vulnerability in the Chrome V8 JavaScript engine. While these flaws typically result in browser crashes when reading or writing memory outside of buffer bounds, cybercriminals can also use them to execute arbitrary code on vulnerable devices.
ClĂ©ment Lecigne of Google’s Threat Analysis Group discovered the vulnerability and quickly notified the Google Chrome team. While Google has detected this zero-day vulnerability being extensively exploited in the wild, the company has remained quiet on any attacks. According to the company’s security notice, details regarding the problem and related links will be “restricted until a majority of users are updated with a fix.”
Manually updating Chrome is your best choice.
Google Chrome 100.0.4896.127 for Windows, Mac, and Linux will be available as an update in the next few weeks.
Due to the severity of this vulnerability, security-conscious users should upgrade Chrome right now by going into the Chrome menu, selecting Help, and then clicking on About Google Chrome. Then, they’ll be able to manually install the update instead of waiting for Google to do it for them.
Chrome will check for new updates and install them the next time you close and reopen the browser for those who choose to wait.
This is Chrome’s third zero-day vulnerability discovered and patched this year.