Just days after Chrome‘s latest security fixes, Google is rolling out yet another security update for users of its popular web browser. Notably, the emergency release targets both desktop and mobile users.
Chrome 100.0.4896.127, available for Windows, Mac and Linux computers, addresses two vulnerabilities. One of the plugged holes, tracked as CVE-2022-1364 is a Type Confusion flaw in V8, Google’s open source JavaScript and WebAssembly engine. Google has learned that the bug, reported just two days ago by Clément Lecigne of Google’s Threat Analysis Group, is being actively exploited.
“Google is aware that an exploit for CVE-2022-1364 exists in the wild,” writes PrudhviKumar Bommana over on the Chrome Releases Blog.
As usual, bug details are restricted until a majority of users are updated, denying wrongdoers the information they need to exploit the bug to the detriment of end users.
As noted above, the bug is also present in mobile implementations of the browser. The same patch goes to Chrome users on Android, carrying the same version number. It also carries the same warning from Google: an exploit is out there. Chrome users on iOS are apparently unaffected at this time.
Considering the urgency of these releases, just days after the latest security increment, every Chrome user should update to the new version as soon as possible.
Stay safe!