Google has released Chrome 100.0.4896.127 for Windows, Mac and Linux to address a serious zero-day vulnerability actively exploited by threat actors.
“Google is aware that exploitation of CVE-2022-1364 exists in nature,” Google said in a security advisory released today.
While Google states that this Chrome update will roll out over the next few weeks, users can receive it right away by visiting Chrome menu > Help > About Google Chrome.
The browser will also automatically check for new updates and install them the next time you close and restart Google Chrome.
Since this bug is actively exploited in attacks, it is strongly recommended that you perform a manual check for new updates and restart the browser to apply them.
Few details revealed
While type confusion flaws generally lead to browser crashes following successful exploitation by reading or writing memory out of buffer bounds, attackers can also exploit them to execute arbitrary code.
This vulnerability was discovered by Clément Lecigne of Google’s Threat Analysis Group, who reported it to the Google Chrome team yesterday.
While Google said it has detected attacks exploiting this zero-day, it did not provide further details on how these attacks are carried out.
“Access to error details and links may be restricted until a majority of users are updated with a fix,” Google added.
This is the only vulnerability revealed in this update, which indicates that Chrome 100.0.4896.127 was released as an emergency update to resolve this issue.
Third Chrome zero-day fixed this year
With this update, Google has addressed the third Chrome zero-day since the start of 2022.
The two previous vulnerabilities found in 2022 are listed below.
Since this zero-day is known to be used in attacks, it is strongly recommended to update Google Chrome as soon as possible.