Google released a security update for its Chrome web browser a moment ago that addresses a major security issue in the browser.
The update is available already, but Chrome users may want to speed up the installation to protect their devices and data. Google notes that malicious actors exploit the issue on the Internet already.
The security update is available for desktop operating systems and for Android.
Chrome 108: how to update
Chrome users may want to open Menu > Help > About Chrome in the browser to display the current version. Chrome runs a check for updates automatically when that page opens. Any update found will be installed automatically.
The following versions should be displayed after the update installation:
- Chrome for Windows: 108.0.5359.94 or 108.0.5359.95
- Chrome for Mac or Linux: 108.0.5359.94
- Extended Stable channel for Mac and Windows: 108.0.5359.94
- Chrome for Android: 108.0.5359.79
Just compare the listed version with the version that Chrome reports when you open the about page. Updating requires a restart of the web browser to complete the installation process.
Chrome 108: the security issue
Google’s release post on the official Chrome Releases blog reveals some information on the fixed issue.
The most important information conveyed is that the issue is exploited in the wild.
“Google is aware that an exploit for CVE-2022-4262 exists in the wild.”
In other words: Google is aware of attacks that target the security issue. The company does not provide further information, e.g., on the scope of the attacks or where these may be encountered.
Still, in the wild refers to attacks on the Internet that users of the browser may experience. A patched version of Chrome protects against these attacks, while an unpatched Chrome may be attacked successfully.
The security issue has a severity rating of high, which is second only to critical.
The CVE record — CVE stands for Common Vulnerabilities and Exposures — offers additional insights.
“Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)”
Attacks are carried out using webpages. These need to contain attack code to be executed. It is still unclear how widespread the issue is based on the description.
Summary
Chrome users and administrators need to patch the web browser immediately. The update to the latest Chrome 108 version protects the browser against attacks, which are carried out at the time of writing.
The new major security update comes just days after the update to Chrome 108; this update fixed another 28 different security issues in the Chrome web browser.
Chrome includes automatic update functionality, but updates do not happen in real-time. Chrome users may speed up the installation of updates using the method described above.
While that is not necessary for non-security or emergency updates, it is essential when it comes to security updates.
