April 18 – As part of an emergency update last week, Google fixed two vulnerabilities in its Chrome web browser, one of which was listed as ‘high severity.’ The high-severity flaw is a Type Confusion vulnerability in the V8 engine.
When exploited, the Type Confusion vulnerability can cause Chrome to crash or may allow arbitrary code to be executed. Google has restricted access to specifics concerning the vulnerability until “a majority of users are updated.” The vulnerability affects more than 3 billion people.
The severity of this vulnerability is underscored by the fact that it was reported to Google on April 13th and by the following day, a security update was released (an unusually fast turn-around).
How to apply the update
Updates are rolling out to users over the coming days/weeks. Chrome should auto-update itself as the patch becomes available.
Users can also kickstart the process by going to the “Help | About” option in the Google Chrome menu. The update should then start to download automatically. Once the update has been installed, remember to restart your browser. Otherwise, the update will not activate and you will remain vulnerable to attack.
The update may take several days to reach everyone, so if you’re not seeing it yet, the advice is to be patient.
This update takes Chrome to version 100.0.3896.127 across Mac, Windows and Linux desktop platforms.
Once the update has been installed, Microsoft Edge users will also be protected.
Because an in-the-wild exploit for this vulnerability already exists, enabling hackers to take control of machines, users may wish to install this update manually and as soon as possible.
While the Cybersecurity and Infrastructure Security Agency (CISA) has not issued an alert concerning this issue, it acknowledges that the vulnerability “has been detected in exploits in the wild” and encourages users and administrators to apply updates.