At least 3.2 billion Chrome users could be at risk because of the high severity zero-day vulnerability.
Google released an emergency security update for Google Chrome Stable on 25th March 2022 to patch a high-severity zero-day security vulnerability in the web browser that is potentially exploited in the wild already.
The update was released for Chrome version 99.0.4844.84. Google claims that it is a highly unusual flaw that has been addressed as a single security vulnerability, which indicates how serious this one could be. In its update announcement, Google also confirmed the vulnerability tracked as CVE-2022-1096, stating that it was aware that an exploit was available for it.
Vulnerability Existing in Edge
Edge is a Chromium-based browser, and according to Google, the vulnerability exists in this browser. Hence, Edge was updated to prevent users from getting exploited. The company has urged users to update their browsers urgently, and if they are using browser version 99.0.1150.55 or above, they are not vulnerable to CVE-2-2022-1096.
For your information, Chromium supports several browsers apart from Edge, including Vivaldi and Brave. Therefore, we can expect more patches to come forth shortly.
How to Download the Patch?
The update is available for all compatible desktop systems. Google noted that it would automatically roll out updates for all devices in the coming days or weeks. This marks the second zero-day vulnerability Google patched this year in the Chrome browser.
The first was released in February 2022. Open the Chrome browser and select Menu > Help > About Google Chrome to download the patch. Or else you can type and load chrome://settings/help directly in the address bar.
More Chrome Security Topics
- Chrome on Android will alert, fix your compromised password
- New malware lures fake Chrome update to attack Windows PCs
- Malvertising attack distributes malicious Chrome extensions, backdoors
- Researcher release PoC exploit for 0-day in Chrome, Edge, Brave, Opera
- Urgent Chrome security update released to patch widely exploited 0-day