Google Chrome users urged to update immediately or risk attack

News
By published

A dangerous Google Chrome zero-day is being exploited in the wild

Google Chrome
(Image credit: Shutterstock)

Google has advised Chrome users to update the web browser to the latest version in order to avoid being targeted by cybercriminals.

Late last week, the company released Chrome 99.0.4844.84 for Windows, Mac, and Linux, which fixes a high severity zero-day vulnerability that allows for remote code execution.

In an advisory published alongside the update, the company explained that the issue has already been abused in real-life scenarios. "Google is aware that an exploit for CVE-2022-1096 exists in the wild," wrote the firm.

TechRadar needs you!

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

Google Chrome zero-day

Tracked as CVE-2022-1096, the Google Chrome vulnerability is described as a confusion weakness in the Chrome V8 JavaScript engine.

It allows an attacker to crash the browser and execute arbitrary code, which means it could be abused for a denial of service attacks or to infect devices with malware and ransomware.

Because the flaw is being abused in the wild, Google is deliberately withholding additional information until users are able to patch up their systems. 

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said. "We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven't yet fixed."

The fix is already out, but it could take weeks before it reaches each and every Chrome user, Google says. Anyone looking to check whether their client has updated automatically can do so via Chrome Menu > Help > About Google Chrome, which leads to a page that reveals the current version number and lists any available updates.

Read more

> Emergency Google Chrome update fixes nasty security bug

> Google Chrome 100 update may break your website - but there's a fix

> How to use profiles in Chrome to keep work and home separate

This is the second zero-day found and patched in Chrome since the start of the year, following the discovery of CVE-2022-0609. Google describes this vulnerability as a "use after free in animation", but has not gone into much detail about what this entails or how extreme the risk is.

The company says the flaws are being abused in the wild, but declined to share any details as to how they are being abused, or by whom. It's difficult to say if malware has been developed to abuse the flaw, and whether or not it will be picked up by antivirus solutions.

Via BleepingComputer

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A finger touching the google chrome icon in the Windows 10 start menu
A new Chrome browser highjacking attack could affect billions of users - here's how to fight it
An option to add Ambient Music buttons to the iOS 18.4 Control Center.
Apple fixes dangerous zero-day used in attacks against iPhones and iPads
chrome firefox extensions
Google Chrome extensions hit in major attack - dozens of developers affected, so be on your guard
Chrome icon on Android
Google Chrome extensions hack may have started much earlier than expected
Apple Siri
Update your Apple device now: iOS 18.3.2 fixes a flaw that could be exploited by hackers
Apple&#039;s new &quot;Share Item Location&quot; feature for AirTags.
Apple security alert - zero-day patched, so update your devices now
Latest in Security
ransomware avast
Ransomware attacks are costing Government offices a month of downtime on average
Lock on Laptop Screen
Data breach at Pennsylvania education union potentially exposes 500,000 victims
Data leak
Top collectibles site leaks personal data of nearly a million users
Spyware
Stalkerware data breach potentially hits over 2 million users, including thousands of Apple devices
An American flag flying outside the US Capitol building against a blue sky
Five Eyes "cannot replace US intel in Ukraine", claims former US Cyber Command Chief
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Criminals are using a virtual hard disk image file to host and distribute dangerous malware
Latest in News
Citroen 2CV
The retro EV resurgence is in full swing, as Citroen confirms the iconic 2CV will return with batteries
Apple iPhone 16 Pro Max REVIEW
The latest batch of leaked iPhone 17 dummy units appear to show where glass meets metal on the new designs
Hornet swings their weapon in mid air
Hollow Knight: Silksong could potentially launch this year and I reckon it could be a great game for an Xbox handheld
ransomware avast
Ransomware attacks are costing Government offices a month of downtime on average
Cassian looking at someone off-camera from a TIE fighter cockpit in Andor season 2
Star Wars: Andor creator is taking a stance against AI by canceling plans to release its scripts, and I completely get why
Nintendo x Seattle Mariners partnership
The Nintendo Switch 2 logo will be featured on the Seattle Mariners' baseball jerseys this season
More about security
ransomware avast

Ransomware attacks are costing Government offices a month of downtime on average
Data leak

Top collectibles site leaks personal data of nearly a million users
Citroen 2CV

The retro EV resurgence is in full swing, as Citroen confirms the iconic 2CV will return with batteries
See more latest
Most Popular
Citroen 2CV
The retro EV resurgence is in full swing, as Citroen confirms the iconic 2CV will return with batteries
I Hate This Place artwork
Bloober Team is keeping busy as it announces its next survival horror game I Hate This Place and offers a new look at its upcoming title Cronos: The New Dawn
Equal1 Bell-1 quantum computer
This is the first quantum computer you can actually buy (and use, and power): Equal1's Bell-1 uses a standard power socket
Ryzen AI Max+ 395
Obscure Chinese PC vendor gets preferential AMD treatment as Lisa Su signs first desktop PC with Ryzen AI Max+ 395 ahead of May launch
Apple iPhone 16 Pro Max REVIEW
The latest batch of leaked iPhone 17 dummy units appear to show where glass meets metal on the new designs
SanDisk Slim Dual Drive
This is the first 2TB dual-port external SSD ever and it's not as expensive as you may think
Bimawen B15.6 TV Pro
A sign of things to come? This portable monitor comes with Google TV, a remote control and a very well hidden Android PC
Cassian looking at someone off-camera from a TIE fighter cockpit in Andor season 2
Star Wars: Andor creator is taking a stance against AI by canceling plans to release its scripts, and I completely get why
Kioxia LC9 2.5 SSD
After 7 years, Exadrive's 100TB 2.5-inch SSD is finally superseded by a far superior 122.88TB model from Kioxia
Nintendo x Seattle Mariners partnership
The Nintendo Switch 2 logo will be featured on the Seattle Mariners' baseball jerseys this season