PSA: Google advises users to update Chrome as soon as possible

In short: This week, Google released an update to the Chrome web browser that does not include any new features as it is entirely focused on fixing important security vulnerabilities, including one zero-day vulnerability that attackers are currently targeting in malware campaigns.

Latest Stable Google Channel Refresh for the desktop version of its browser, Chrome is one of the most important in months. According to the official changelog, the latest release contains fixes for at least 11 security bugs, one of which was heavily exploited in the wild.

Most of us use the popular web browser on a daily basis and believe that it is secure enough for most purposes, so you should update your installed version of Chrome as soon as possible. Vulnerability targeted in the wild has been assigned CVE-2022-2856, and it’s so serious that Google will keep details about it under wraps until most users get a fix. Engineers may even go so far as to hold the disclosure until any other Chromium-based projects are immune to the exploit.

The only thing we know about the nature of CVE-2020-2856 is that it fixes the “insufficient checking for untrusted input in intents” issue. Intents are used to process user input in Google Chrome, so the bug allows an attacker to enter a specially crafted message, such as a comment on a web page, that is not expected by the application and is accepted by other parts of the browser. It. This can lead to a change in control flow and arbitrary code execution.

The good news is that updating Google Chrome is as easy as going to the “About” section in the settings menu. Once you’re there, the system will check for updates, which usually install in seconds and require a browser restart to complete.

So far this year, Google has fixed five zero-day bugs, and one of them involved an Israeli spy firm. Candiru. Back in March, Google noted a significant increase in the number of Chrome vulnerabilities that were exploited in the real world. The company observed 14 of them in 2021, up from eight in 2020 and just two in 2019.

In other security news, Apple just fixed two actively exploited vulnerabilities affecting iPhones, iPads, and Macs. As with the latest Chrome update, you should install them as soon as possible.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button