Google Chrome users urged to update immediately or risk attack
A dangerous Google Chrome zero-day is being exploited in the wild
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Googlehas advised Chrome users to update theweb browserto the latest version in order to avoid being targeted by cybercriminals.
Late last week, the company released Chrome 99.0.4844.84 for Windows, Mac, and Linux, which fixes a high severity zero-day vulnerability that allows for remote code execution.
In anadvisorypublished alongside the update, the company explained that the issue has already been abused in real-life scenarios. “Google is aware that an exploit for CVE-2022-1096 exists in the wild,” wrote the firm.
We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time. Thank you for taking part.
Click here to start the survey in a new window«
Google Chrome zero-day
Tracked as CVE-2022-1096, the Google Chrome vulnerability is described as a confusion weakness in the Chrome V8 JavaScript engine.
It allows an attacker to crash the browser and execute arbitrary code, which means it could be abused for a denial of service attacks or to infect devices withmalwareandransomware.
Because the flaw is being abused in the wild, Google is deliberately withholding additional information until users are able topatchup their systems.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said. “We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.”
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The fix is already out, but it could take weeks before it reaches each and every Chrome user, Google says. Anyone looking to check whether their client has updated automatically can do so via Chrome Menu > Help > About Google Chrome, which leads to a page that reveals the current version number and lists any available updates.
Emergency Google Chrome update fixes nasty security bug
Google Chrome 100 update may break your website - but there’s a fix>How to use profiles in Chrome to keep work and home separate
This is the second zero-day found and patched in Chrome since the start of the year, following the discovery of CVE-2022-0609. Google describes this vulnerability as a “use after free in animation”, but has not gone into much detail about what this entails or how extreme the risk is.
The company says the flaws are being abused in the wild, but declined to share any details as to how they are being abused, or by whom. It’s difficult to say if malware has been developed to abuse the flaw, and whether or not it will be picked up byantivirussolutions.
ViaBleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Cisco issues patch to fix serious flaw allowing possible industrial systems takeover
Washington state court systems taken offline following cyberattack
Google TV will require more RAM for future upgrades – which might leave older TVs and streaming boxes behind
