Google Issues Urgent Zero-Day Patch For Billions Of Chrome Users, Update ASAP

[Image: A pile of Google Chrome logos with a larger one donning a bandage.]

If you're among the more than 2 billion who use Google's Chrome browser on your desktop PC, take a moment to apply the latest patch. Google has issued an emergency update that contains a single security fix and nothing more, but it's an important one—it plugs up a gaping security hole that hackers are known to be actively exploiting in the wild.

Details about the specific security flaw and exploit are light, though in broader terms, it's labeled as CVE-2022-3723 and carries a "High" severity rating. It's also listed as a "Type Confusion" in Chrome's free and open-source V8 JavaScript engine (another one). That means you should also be on the lookout for updates to third-party browsers based on Chromium, such as Microsoft Edge (as of version 107.0.1418.24, it doesn't appear as though CVE-2022-3723 is mitigated).

"Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild," Google states in an advisory.

It's typical for Google and other firms to temporarily withhold details about a zero-day security flaw until a majority of users have applied the fix. Otherwise, it just makes it easier for hackers to leverage the exploit and wreak havoc on a wider base of users.

We can still glean some general details, though. As explained by Common Weakness Enumeration (CWE), a type confusion occurs when a "program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type."

This can trigger logical errors and allow an attacker to read from sections of memory that should be out of bounds, thereby potentially exposing sensitive details. Depending on the specific exploit, this type of flaw could also enable an attacker to remotely launch arbitrary code, essentially tricking Chrome into running malicious code.
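
The CWE definition quoted above, modeled in a few lines of C as an added illustration. This is not code from Chrome, V8 or Google's advisory, and it does not reproduce CVE-2022-3723; `value_t`, `confused_string_address` and `get_string` are constructed names. It shows an access that ignores the recorded type beside one that checks it first.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a dynamically typed value: a tag plus a payload. */
typedef enum { T_NUMBER, T_STRING } tag_t;

typedef struct {
    tag_t tag;                 /* which union member was initialized */
    union {
        double      number;
        const char *string;
    } as;
} value_t;

value_t make_number(double d)      { value_t v; v.tag = T_NUMBER; v.as.number = d; return v; }
value_t make_string(const char *s) { value_t v; v.tag = T_STRING; v.as.string = s; return v; }

/* Raw bit pattern of a double, for comparison (assumes 64-bit pointers). */
uintptr_t double_bits(double d) {
    uint64_t b;
    memcpy(&b, &d, sizeof b);
    return (uintptr_t)b;
}

/* Type-confused access: ignores the tag and reads the payload as a pointer.
   Only the would-be address is returned; nothing is dereferenced. */
uintptr_t confused_string_address(value_t v) {
    return (uintptr_t)v.as.string;
}

/* Checked access: the payload is used as a string only if the tag says so. */
const char *get_string(value_t v) {
    return v.tag == T_STRING ? v.as.string : NULL;
}

int main(void) {
    value_t n = make_number(1.5);
    printf("number read as pointer: %#llx\n",
           (unsigned long long)confused_string_address(n));
    printf("checked access on number: %s\n",
           get_string(n) ? "string" : "rejected (tag mismatch)");
    return 0;
}
```

The confused read returns the number's own bit pattern as an address, which is why an unchecked access of this kind can reach memory the program never meant to expose; the tag check turns the same input into a clean rejection.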

How To Update Chrome Manually

[Image: Google Chrome's About screen showing the version number.]

If you're running Chrome, you can sit around and wait for the latest update to be applied automatically. However, in these instances where a zero-day flaw is being exploited, we advise being proactive.

Fetching the latest update is a quick and easy process. Just click on the three vertical dots in the upper-right corner of Chrome and navigate to Help > About Google Chrome.

Chrome will then look for and grab the latest update if one is available. Once installed, hit the Relaunch button and you're good to go. Chrome will even politely reload any pages and tabs you had open (though be sure to save any work first, if for example you're typing in a CMS or an online document).

Updating Microsoft Edge is just as easy. Click on the gear icon in the lower-right corner of Edge then navigate to About Microsoft Edge. The browser will likewise check for and download the latest build if one is available, after which you'll be prompted to restart Edge.