The multinational Google released another emergency update for Chromeafter detecting a new one vulnerability in the system. It is the second failure, with the related solution, which comes out in just over a week.
On March 25th, Google has released an update after identifying a problem in the version of Chrome that could be used by hackers, as warned by the company at the time.
The company explained in their blog that the update for Windows, Mac and Linux was already available with the number 99.0.4844.84.
The threat was considered “high” (the second most serious category only after the critical one), “until most users update” to prevent the spread of sensitive information without giving the average user the opportunity to be protected .
This vulnerability received the CVE-2022-1096 nomenclature and it was an anonymous user who reported it on March 23. The company confirmed that an exploit of this flaw had been seen, meaning the attacks were already underway.
Now a new emergency update has arrived. Although in this case the plus point is that, for now, there is no confirmation that the attackers are already exploiting the identified cybersecurity hole.
The the emergency update comes with version 100.0.4896.75. In a notice published on April 4Google confirms that the security patch will be rolled out for Windows, Mac and Linux users of Chrome in the coming days and weeks.
The vulnerability is listed as CVE-2022-1232 and it is high gravity. The company has not yet provided technical details on this flaw. As usual, it will do this when most Chrome users are able to update the system. This is a precautionary measure that is usually implemented in these contexts.
According to the Center for Internet Safety (Internet Security Center), this security hole could allow the arbitrary code execution. Refers to the ability of an attacker to execute commands or inject malicious code into an application.
“Depending on the privileges associated with the application, an attacker could see, modify, or delete the data,” they warn from that entity.
Since the Chromium engine works with many browsers, including Edge and Opera, security updates for them will surely be released in the next few days as well.
How to update Chrome
Press the three dots that appear in the top margin of Chrome, just below the profile picture. This will enter the Settings menu.
Then, click on the option that says Help and then on About Chrome and there you will see the version you have. As mentioned above, the security patch for this flaw comes with version 100.0.4896.75.
If the aforementioned update is available, it will start downloading and if not, we will have to wait a few days or even weeks, as the company warns on its blog. As this is a global version, there may be some delays.
Note that once the update is installed, you need to restart your browser for the protection to take effect. Otherwise, the system will continue to be vulnerable to possible attacks that exploit the aforementioned flaw.
Other security measures:
Here are some security measures to implement until the patch arrives and even after receiving it to add an extra layer of attention, as mentioned on the Center for Internet Safety website
1. Run all software as an unprivileged user (one with no administrative privileges) to reduce the effects of a possible attack.
2. Avoid visiting untrustworthy websites or clicking on links provided by unknown sources.
3. Inform and educate users about the threats posed by hyperlinks contained in emails or attachments, particularly from unreliable sources.