Monday, May 20, 2024

Google issues new emergency security update for all Chrome users

Must Read

Google has urged Chrome users to update as yet another emergency security fix is released. Here’s what you need to know.

A little over a week ago, I warned readers that Google had issued a very rare emergency update for all 3.2 billion Chrome users. Rare because this was a security update that patched a solitary security vulnerability. As for the emergency, Google confirmed that an exploit had been seen in the wild and that means attacks were already underway.

Fast forward to now and I find myself in the odd situation of reporting on yet another emergency update. The good news is that there is no confirmation that attackers are already exploiting the cybersecurity hole at the heart of this update.

However, it is another sudden, out-of-band, emergency, security update that covers a single vulnerability which means Google is in no doubt as to the seriousness of this one as well.

MORE FROM FORBESGoogle Issues Emergency Security Update For 3.2 Billion Chrome Users-Attacks UnderwayBy Davey Winder

Chrome 100 high-severity security vulnerability revealed
The emergency update takes Chrome to version 100.0.4896.75 and comes hot on the heels of the landmark version 100 update that itself fixed some 28 security vulnerabilities.

In a Chrome stable channel update announcement, published April 4, Google confirms that the security patch will roll out for Chrome’s Windows, Mac and Linux users over the coming days and weeks.

Update April 7: It’s important to understand that the impact of vulnerabilities in the Chromium ‘engine’ goes beyond just Google Chrome users. That’s because the same engine, in a different wrapper, powers many other popular web browsers such as Brave, Microsoft Edge, Opera and Vivaldi. As a Brave user myself, I can confirm that an update (to version 1.37.111) was released on April 5 and patches the vulnerability. Having checked my copy of Edge (version 100.0.1185.29) it’s apparent that Microsoft is yet to patch this browser. Indeed, Microsoft confirmed as much on April 4: “Microsoft is aware of the recent Chromium security fixes. We are actively working on releasing a security patch.” Please keep an eye out for updates to ensure they are installed (which usually means restarting the browser) if you use any of these Chrome alternatives.

Update April 8: If you are a user of the Microsoft Edge browser then it’s vital you check to ensure that it is protected from CVE-2022-1232. Microsoft has now updated the browser to version 100.0.1185.36 and confirmed that this latest iteration of Edge “is no longer vulnerable.” You can both check to see what version of the browser you are running and initiate the latest update, head to the ‘Help and feedback’ settings menu option and then select ‘About Microsoft Edge.’ If your browser needs updating the download will automatically kick in, but you will need to restart Edge to be protected.

Google security maturity is evident by these timely updates
Before I go any further, let me just say that I think this is actually a good thing. Let me tell you why: it confirms the security maturity of Google in that these serious vulnerabilities are being found and patched.

The particular, single, vulnerability that has been addressed in this still unusual update, despite it happening twice in 10 days now, is listed as the high-severity CVE-2022-1232. As is usual in such cases, Google has yet to make any technical details of the vulnerability public and won’t until such a time that a majority of Chrome users have been able to apply the fix.

Visiting a website could let attackers take control of your computer
However, according to the Center for Internet Security the vulnerability represents a high risk as it could allow for arbitrary code execution. It’s another ‘type confusion’ problem, as with the previous emergency Chrome update, that sits within the V8 JavaScript engine. The likely attack methodology simply being the successful direction of the victim to a malicious web page. All Chrome users are therefore advised to ensure their browsers are updated as a matter of urgency.

Because the Chromium engine powers a lot of different web browsers, including Edge, Brave, Opera and Vivaldi, it’s likely that security updates for these will also be forthcoming.

MORE FROM FORBESWhy You Must Factory Reset Everything: A Privacy 101 For 2022By Davey Winder

How to apply the Google Chrome security patch now
Head for the Help|About option in your Google Chrome menu, and if the update is available, it will automatically start downloading.

Updating to Chrome v100.0.4896.75 will protect you from danger

Davey Winder

It may take a few days for the update to reach everyone, so be patient if you are not seeing it yet.

Also, remember to restart your browser after the update has been installed, or it will not activate, and you will still be vulnerable to attack.

Read More

- Advertisement -spot_img
- Advertisement - Antennas Direct - Antennas Reinvented
- Advertisement -
Latest News

‘Martyred’: Iranian Media Declare Raisi Dead; ‘No Sign’ of Life at Helicopter Crash Site

Search teams have reportedly located the site where a helicopter carrying Iranian President Ebrahim Raisi, crashed on Sunday, according...
- Advertisement - Yarden: ENJOY $20 OFF of $150 or more with code 20YD150

More Articles Like This

- Advertisement -spot_img