Not every Chrome update brings new features to the browser, but bug fixes and patches are just as important. On Thursday, Google issued an update for the desktop version of Chrome to patch a zero-day security flaw that hackers are exploiting in the wild. If you use Chrome on Windows, Mac, or Linux, you should install the update now.
Google’s Prudhvikumar Bommana says that CVE-2022-3723 is a high-severity type confusion weakness in Chrome’s V8 JavaScript engine. This is the second such security flaw in Chrome this year, as we reported on another type confusion bug in March.
As we’ve explained before, if the attacker exploits a type confusion vulnerability, it can allow them to execute arbitrary code in the browser. They can also view, edit, or delete data if they have the necessary privileges. We are unsure how attackers exploit this specific bug, though, because Google wants everyone to update Chrome before sharing details.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google explains. “We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.”
This is the seventh Chrome zero-day bug Google has patched in 2022. The last one surfaced in September and involved a data validation issue.
How to update your Chrome browser
Chrome doesn’t always apply the latest updates when you open the browser, so if you want to check and see which version you are running, go to Settings and then About Chrome at the bottom of the menu bar on the left side of the screen.
If you are already running the latest version of the browser, then you are good to go. If not, you should begin the process of updating as soon as possible. Once it finishes downloading, click the Relaunch button to finish updating.
More Google coverage: For more Pixel news, visit our Pixel 7 guide.