If you think you’re experiencing deja vu after reading this headline, you’re not: Google has reported another zero-day vulnerability affecting Chrome, and, by extension, all of its users. Luckily, there’s now a patch: Google issued a security report Thursday, April 14, stating the company had updated Chrome to a new build, 100.0.4896.127, to address this newly discovered flaw.
What’s the latest Google Chrome security vulnerability?
The flaw, identified as CVE-2022-1364, is a type confusion vulnerability in the V8 JavaScript engine. This kind of flaw occurs when a piece of code doesn’t check an object’s type before using it. Usually, type confusion simply crashes the browser, but once the flaw is identified, bad actors can exploit it. It was reported by Clément Lecigne of Google’s Threat Analysis Group on Wednesday, April 13, meaning Google patched the issue within 24 hours.
Unfortunately for the entire Chrome community, Google confirmed that an exploit for CVE-2022-1364 exists in the wild. That means someone, somewhere, knows about the flaw and has figured out how to use it against others. When there’s an available exploit for a zero-day vulnerability, it’s imperative for developers to patch it as soon as possible.
Why hasn’t Chrome been patched yet?
Although the patch is finished, Google hasn’t rolled it out for all Chrome users at this time. According to the company, the rollout will occur over the next days and weeks, meaning you might not see it for some time. However, because of the severity of the situation, we recommend checking for the update often until it becomes available on your browser.
To check, click the three dots in the top-right corner of your browser window, choose “Help,” then choose “About Google Chrome.” Allow Chrome a moment to look for a new update. If one is available, you’ll see it here. Once the update is installed, Chrome will relaunch, protected against CVE-2022-1364.
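For anyone checking many machines rather than one browser window, the comparison against the patched build can be scripted. The following is an added example, not part of the original article; it assumes each machine reports a version string in the form printed by `google-chrome --version`, and the host names and sample versions are constructed.

```python
import re

# Patched build named in the article for CVE-2022-1364.
PATCHED = (100, 0, 4896, 127)

# Four dot-separated numeric fields (Chrome's MAJOR.MINOR.BUILD.PATCH scheme).
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def status(text, patched=PATCHED):
    """Classify one reported version string: 'patched', 'unpatched' or 'unknown'."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # needs manual follow-up; never assume it is safe
    # Tuple comparison is numeric per field. Comparing the raw strings would
    # wrongly rank "99.0.4844.84" above "100.0.4896.127".
    return "patched" if version >= patched else "unpatched"


def audit(inventory):
    """Return (host -> status, sorted list of hosts that are not confirmed patched)."""
    results = {host: status(reported) for host, reported in inventory.items()}
    todo = sorted(host for host, state in results.items() if state != "patched")
    return results, todo


# Constructed sample inventory (hypothetical hosts, not data from the article).
SAMPLE = {
    "laptop-01": "Google Chrome 100.0.4896.127 ",
    "laptop-02": "Google Chrome 100.0.4896.88 ",
    "kiosk-03": "Google Chrome 99.0.4844.84 ",
    "desktop-04": "Google Chrome 101.0.4951.41 ",
    "server-05": "command not found",
}

if __name__ == "__main__":
    results, todo = audit(SAMPLE)
    for host in sorted(results):
        print(f"{host:12} {results[host]}")
    print("needs update or review:", ", ".join(todo))
```

Hosts reported as `unknown` are listed alongside unpatched ones so that a failed version query is followed up instead of being counted as up to date.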