News

IT NEWS

Update now! Google releases emergency patch for Chrome zero-day used in the wild

Google has urged its 3 billion+ users to update to Chrome version 99.0.4844.84 for Mac, Windows, and Linux to mitigate a zero-day that is currently being exploited in the wild. This is in response to a bug reported by an anonymous security researcher last week.

The flaw, which is tracked as CVE-2022-1096, is a a “Type Confusion in V8” and is rated as high severity, meaning that it’s necessary for everyone using Chrome to update as quickly as possible because of the damage attackers could cause once they exploit this.

Not much is known about the vulnerability itself or how great the impact would be if exploited, but the unusual release of this patch, which notably addresses just one vulnerability, means that this update shouldn’t be ignored.

Google is always cautious to release more details until the majority of users are updated with a fix. Google says it may take weeks before the update reaches its entire user base.

How to update

The easiest way to update is to allow Chrome to do it automatically, which basically uses the same method I outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong, such as an extension stopping you from updating the browser.

So, it doesn’t hurt to check now and then. And now would be a good time.

My preferred method is to have Chrome open the page chrome://settings/help which you can also find by clicking Settings > About Chrome.

If there is an update available, Chrome will notify you and start downloading it. Then it will tell you all you have to do to complete the update is relaunch the browser.

Microsoft Edge

Microsoft has confirmed that Edge, a Chromium-based browser, is also affected by this vulnerability. Edge users should urgently update their browsers to version 99.0.1150.55, which is not vulnerable to the flaw.

The post Update now! Google releases emergency patch for Chrome zero-day used in the wild appeared first on Malwarebytes Labs.