Google Chrome has just released an update for its browser to fix a major 0-day flaw actively exploited for attacks. The flaw could affect all Chromium-based browsers, including Microsoft Edge, which confirmed this information, but also Brave or Opera.
Google Chrome under threat of a flaw
The Google Chrome browser , used by more than 3 billion people around the world, has just released Chrome version 100.0.4896.127 to fix a major 0-day vulnerability that can be used for different types of attacks. The code for this flaw is CVE-2022-1364 .
Although no specific cryptocurrency details have been revealed, it is still highly recommended to opt for maximum security , so be sure to apply this update as soon as possible.
The flaw, discovered by a member of Google’s Threat Analysis Group on April 13, affects the V8 JavaScript engine and could therefore affect all browsers built around Chromium . This includes among others Microsoft Edge, which confirmed this information , but also Opera or Brave.
This flaw is actively exploited , so we strongly advise you to update your browser as long as it is based on Chromium.
To update Google Chrome, just type “ chrome://settings/help ” in the search bar. A refresh launches automatically and updates to the latest version if necessary. Then check that you have version 100.0.4896.127 .
It should be noted that the details relating to the flaw, its level of exploitation as well as the methods of correction are generally kept confidential by Google . These are usually revealed several weeks after the emergency updates until the majority of users have made the transition to the latest version.
Since the V8 JavaScript engine has an extremely large number of users, it is a prime target for different types of attacks. A “ confusion ” flaw , such as the one we are discussing today, allows read-write memory exploitation and opens the way for hackers to apply arbitrary code .
This is the third 0-day flaw since the start of 2022 for Chrome . Indeed, the CVE-2022-0609 and CVE-2022-1096 vulnerabilities were corrected on March 14 and 25 respectively.