Google Chrome for macOS gets another emergency zero-day patch

AppleInsider is supported by its audience and is eligible to earn an Amazon Associate and Affiliate Partner commission on qualifying purchases. These affiliate partnerships do not influence our editorial content.

Google has released its third urgent update for Chrome, one that fixes another zero-day vulnerability in the popular desktop web browser.

Released Thursday, Stable channel update for the desktop variant of Google Chrome brings the browser to version 100.0.4898.127, on macOS, Windows, and Linux. According to Google, the update will roll out over the next few days and weeks, but users may want to force the update sooner.

The update includes a pair of security patches, including a “type confusion” vulnerability designated as CVE-2022-1364. The bug was reported by a member of the Google Threat Analysis Group on April 13, and Google quickly released a fix. writing The register.

The bug in question is considered a high-severity zero-day, which is being actively used by attackers. Once performed, it may cause a browser to crash or trigger an error, which may allow the execution of arbitrary code.

The type of bug is similar to an issue Google patched on March 26, which involved another “type confusion” weakness in Chrome’s V8 JavaScript engine. Again, the latest exploit uses the same V8 JavaScript engine vector.

Google says it’s “aware that an exploit for CVE-202201364 exists in the wild,” a factor that helped create a fix quickly. However, rather than providing explicit details about the bug, Google says it is limiting access to this information until “the majority of users are updated” and therefore protected.

Updating to the new version can be done automatically for the user, although it can be done manually in macOS by selecting “Chrome” from the main menu, followed by “About Google Chrome”. Once the update is downloaded, click “Relaunch”.

Source link

Steven L. Nielsen