If you think you’ve experiencing deja vu after reading this headline, you are not: Google has reported another zero-day vulnerability affecting Chrome, and by extension all its users. Fortunately, there is now a patch: Google issued a safety report Thursday, April 14th, indicating that the company had updated Chrome to a new build, 100.0.4896.127, to fix this newly discovered bug.
What is it lateGoogle Chrome security vulnerability?
The bug, identified as CVE-2022-1364, is a type confusion vulnerability in the V8 JavaScript engine. This particular problem occurs when a piece of code does not check the type of an object before it is used. Usually that type confusion simply crashes the browser, but when identified, bad actors can exploit the flaw. That was reported by Clément Lecigne of Google’s Threat Analysis Group on Wednesday, April 13, meaning Google has fixed the issue within 24 hours.
Unfortunately for the entire Chrome community, Google confirmed that such exploitation of CVE-2022-1364 exists in nature. That means someone somewhere, know about the bug and have found out about using it against others. When there is an available exploit of a zero-day vulnerability, it is imperative for developers to patch it as quickly as possible.
G / O Media can get a commission
Why has Chrome not been fixed yet?
ONEAlthough the patch is complete, Google has not rolled it out to all Chrome users at this time. According to the company, the roll isout will happen the next few days and weeks, which means you may not see it for a while. However, due to the seriousness of the situation, we recommend that you frequently check for the update until it becomes available in your browser.
To check, click on the three dots in the upper right corner of your browser window, select “Help“then select”About Google Chrome“Give Chrome a moment to look for a new update. If one is available, see it here. Once the update is installed, Chrome will restart, protected against CVE-2022-1364.
[Tom’s Guide]