Getty Images April 17 Update below. This post was originally posted on April 14th Google has now released three emergency, off-zone security updates for the Chrome browser in equal weeks. In addition, this, like the first, is to correct a high-serious zero-day vulnerability that is already being exploited by intruders.
Three special Google Chrome security updates in three weeks
Google has released another emergency security update for the 3.2 billion Chrome web browser users. The third such update, which reveals a single high-vulnerability, will be released in a hurry in three weeks. This, like the first of these alarming tripartite threats, is a zero-day vulnerability: a vulnerability that Google has confirmed is already being used by intruders.
How serious is CVE-2022-1364?
But the similarities do not stop there. CVE-2022-1364, this vulnerability, is another “V8 type confusion”. This means that it affects the JavaScript engine used by Chromium-supported browsers such as Google Chrome, Microsoft Edge, Brave and others. As before, Google has no other technical details and the confirmation of the update states that “we will also maintain the restriction”, which suggests that this is a very serious vulnerability. The security update process has already started and the repair will be available to you in the coming days and weeks. This emergency update transports Chrome to version 100.0.4896.127 on Windows, Mac, and Linux platforms. Browser users such as Microsoft Edge, Brave, Vivaldi and Opera are advised to be on the lookout for possible updates for those coming soon. MORE THAN FORBESI Google suddenly releases new emergency security update for 3.2 billion Chrome users By Davey Winder Surprisingly, Google’s update states that it includes two security fixes, but only lists CVE-2022-1364 as revealed by Clément Lecigne, who works with Google Threat Analysis Team. The seriousness of this vulnerability is underscored once again by the fact that it was reported to Google on April 13 and the security update was released the next day. This is a very welcome, but just as unusual, quick recovery. I contacted Google for a statement.
Google Vulnerability System works as intended
As I have said before, this does not equate to bad security from Google, quite the opposite in reality. The maturity of Google Chrome security software is demonstrated by the discovery and repair of these vulnerabilities. It is proof that the vulnerability detection system works and works well. Of course, it would be better if there were no such serious vulnerabilities in the code to begin with, but the truth is that we do not live in an ideal world where no mistakes are made. MORE THAN FORBESThese 6 Dangerous Phone Applications Must Be Deleted Immediately By Davey Winder
How to apply the Google Chrome security patch
Chrome should be updated automatically as the patch becomes available to you. However, we advise you to start the update process as soon as possible as the attacks are ongoing. Make sure your copy of Google Chrome is the latest version Davey Winter Go to Help | About your Google Chrome menu. If your version of Chrome does not appear as 100.0.4896.127, then it will be vulnerable to the known exploitation. However, the update should now start downloading automatically. It may take a few days for the update to reach everyone, so be patient if you have not seen it yet. Your browser will not be protected until you restart Davey Winter Also, remember to restart your browser after installing the update, otherwise it will not activate and you will still be vulnerable to attacks. Once the Chrome version appears as 100.0.4896.127, the patch will be installed Davey Winter Update April 15: Good news for Brave users, the update is already out. My copy of Brave was updated this morning as you can see in the screenshot below. Just go to “About Brave” from the burger stack menu and Brave will start the update process automatically. Make sure Brave’s copy is up to date Davey Winter Update April 17: Following my previous update that Brave web browser users have been able to fix the zero-day vulnerability discovered on the Chromium engine, there is some more good news. I can confirm that Microsoft Edge users will also be protected as soon as the latest browser security update is downloaded and installed. Instructions for doing this are below. Do not wait for automatic updates, as this vulnerability allows a potential attacker to take control of your computer and there is already an in-the-wild exploit. By simply checking to see what version your Edge browser is, this process will start a download if an update is ready. It’s good to see that Microsoft has responded so quickly to this vulnerability. That said, my copy of Brave Browser still beats Microsoft in vulnerability repair. I checked both Brave and Edge for updates at the same time and Edge had not yet released any updates available to me at that time. This could be a scale advantage, with Brave obviously a much smaller feature than Microsoft and a much smaller user base to consider. However, since they both use the same Chromium engine to power their respective browsers, I do not think we need to wait too long for important updates like this to come out together. Indeed, I would be very happy if the updates circulated in all browsers at the same time and not all were one or two steps behind Google Chrome. And don’t just think about how dangerous this situation is or Google’s not only discovered the problem but issued a hotfix, consider the US government. The Cybersecurity and Infrastructure Security Agency (CISA) also confirmed that the vulnerability “has been detected on nature farms” and encourages users and administrators to apply the necessary updates. While this is not as important as a CISA formal notice or an emergency directive that requires repair within federal components over a period of time, it still clearly shows that this is not just your security patch. How to ensure that Microsoft Edge has the latest security update
- From the “Three Dots” menu on the top right, select “Help and Comments | About Microsoft Edge”
- This will immediately check if an update is available and start downloading if this happens.
- Once the download is complete, you will need to restart your browser to ensure that the installation is complete and that you are properly protected. Always restart your browser otherwise you will not be protected from the latest update Davey Winter
