AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.
Google has issued its third urgent update for Chrome, one that patches another zero-day vulnerability in the highly-used desktop web browser.
Released on Thursday, the Stable Channel Update for Google Chrome’s desktop variant brings the browser to version 100.0.4898.127, on macOS, Windows, and Linux. According to Google, the update will roll out over the coming days and weeks, but users may want to force the update earlier.
The update includes a pair of security fixes, including a “type confusion” vulnerability designated as CVE-2022-1364. The bug was reported by a member of the Google Threat Analysis Group on April 13, with Google rapidly bringing out a fix for it, writes The Register†
The bug in question is reckoned to be a high-severity zero-day, which is actively being used by attackers. Once performed, it can cause a browser to crash or trigger an error, which has the potential to allow arbitrary code to be executed.
Google says it is “aware that an exploit for CVE-202201364 exists in the wild,” a factor that contributed to the quick creation of a fix. However, rather than provide explicit details of the bug, Google says it is restricting access to that information until “a majority of users are updated” and therefore protected.
The update to the new version can be performed automatically for the user, though it can be manually performed in macOS by selecting “Chrome” in the main menu followed by “About Google Chrome.” Once the update has been downloaded, click “Relaunch.”