AppleInsider is supported by its audience and can earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not affect our editorial content.
Google has released its third urgent update to Chrome, one that addresses another zero-day vulnerability in the widely used desktop web browser.
Released on Thursday, the stable channel update for the Google Chrome desktop variant brings the browser to version 100.0.4898.127 on macOS, Windows and Linux. According to Google, the update will roll out in the coming days and weeks, but users may want to force the update sooner.
The update includes a few security fixes, including a “type confusion” vulnerability designated as CVE-2022-1364. The bug was reported by a member of the Google Threat Analysis Group on April 13, where Google quickly brought a fix to it, writes The register.
The error in question is considered to be a zero-day with high severity, which is actively used by attackers. Once done, it can cause a browser to crash or trigger an error that has the potential to allow arbitrary code execution.
The type of error is similar to an issue that Google fixed on March 26, which involved another “type confusion” vulnerability in the Chrome V8 JavaScript engine. Again, the latest utilization uses the same vector of the V8 JavaScript engine.
Google says it is “aware that exploitation of CVE-202201364 exists in nature,” a factor that contributed to the rapid creation of a fix. Instead of giving explicit details about the error, Google says it restricts access to this information until “a majority of users are up to date” and therefore protected.
The update to the new version can be performed automatically for the user, although it can be done manually in macOS by selecting “Chrome” in the main menu followed by “About Google Chrome.” Once the update has been downloaded, click “Restart”.