04/08 Update below. This post was originally published on April 5
Chrome users, you need to act. Google has confirmed another highly dangerous hack of Chrome, its third in 10 days. Here is everything you need to know to stay safe.
Google released the news on its official blog, classifying the new hack (CVE-2022-1232) as posing a ‘High’ threat level. It also has a wide impact, with Chrome on Windows, Mac and Linux all affected.
04/06 Update: Multiple Chromium-based browsers have confirmed that they are also affected by CVE-2022-1232. The most high profile is Microsoft’s Edge browser, with the company stating: “Microsoft is aware of the recent Chromium security fixes. We are actively working on releasing a security patch.”
While the recognition is welcome, it is somewhat surprising to see Edge without a fix two days after the Chrome release. Historically, Microsoft is among the fastest out of the gate, but notably it has been beaten to the punch here by Brave. The increasingly popular privacy-focused Chromium browser already announced its newly patched version back on Tuesday. Meanwhile, clarification is needed from Vivaldi and Opera, which have both recently updated their browsers, though it is currently unclear whether those updates contain this urgent security fix. [Edit – they are patched]
04/08 Update: Microsoft has now confirmed the emergency Chrome fix released on Monday is now available to its Chromium-based Edge browser. “The latest Microsoft Edge Stable Channel (Version 100.0.1185.36) incorporates the latest Security Updates of the Chromium project,” the company said in a statement. This brings Edge into line with Chrome, Vivaldi, Opera and Brave. To get it, follow these steps:
- In Microsoft Edge, click on the 3 dots (“…”) in the top right-hand corner of the browser window
- Click on ‘Help and Feedback’
- Click on ‘About Microsoft Edge’
Like other Chromium browsers, this will force Edge to check for updates and install the latest version. To be protected after the update, you must restart the browser. Chrome fans will argue that one of the most compelling reasons to choose it over other Chromium-based browsers is the synchronicity with which the two are updated.
That said, the biggest reason to choose an alternative is the focus on privacy — notably with Brave and Vivaldi, even if updates can be slightly delayed. As such, while your choice of browser is a matter of personal preference and priority, whatever version of Chromium you use, keeping it up to date has never been more important.
Little is currently known about the new exploit, with Google saying that “Access to bug details and links may be kept restricted until a majority of users are updated with a fix.” Consequently, all the company is prepared to disclose is the threat level, tracker, area of exploitation and source:
- High – CVE-2022-1232: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2022-03-30
In response to this latest threat, Google has announced Chrome 100.0.4896.75. It is not immediately available to all, with Google warning it “will roll out over the coming days/weeks.” To manually check for the update, click the three dots in the top right corner of the browser and navigate to Settings > Help > About Google Chrome.
Remember: Chrome must be restarted after updating. You are not safe until this is done. And with Google warning that the number of successful browser hacks is rising rapidly, do not delay. Make this the next thing you do after reading this article.
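
An added example, not from the article or from Google or Microsoft: a Python check that compares collected browser version strings against the two fixed builds the article names. The hostnames and inventory lines are constructed, and the `<name> <a.b.c.d>` line format is an assumption about how the versions were collected.

```python
import re

# Fixed builds stated in the article. Brave, Vivaldi and Opera are reported
# there as patched, but no build numbers are given, so they are not listed.
FIXED = {
    "Google Chrome": (100, 0, 4896, 75),
    "Microsoft Edge": (100, 0, 1185, 36),
}

# Assumed line format: "<browser name> <a.b.c.d>", optionally followed by text.
VERSION_RE = re.compile(r"^(?P<name>.+?)\s+(?P<ver>\d+(?:\.\d+){3})\b")

def parse_version_line(line):
    """Return (name, (a, b, c, d)) or None if the line has no 4-part version."""
    m = VERSION_RE.match(line.strip())
    if not m:
        return None
    return m.group("name"), tuple(int(p) for p in m.group("ver").split("."))

def classify(line):
    """Classify one version line against the fixed builds named in the article."""
    parsed = parse_version_line(line)
    if parsed is None:
        return "unparsed"
    name, version = parsed
    fixed = FIXED.get(name)
    if fixed is None:
        return "unknown-browser"  # no fixed build on the page to compare with
    # Compare as integer tuples: as strings, "127" would sort before "75".
    return "patched" if version >= fixed else "needs-update"

def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(line) for host, line in inventory}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("host-a", "Google Chrome 100.0.4896.75 "),
    ("host-b", "Google Chrome 100.0.4896.60"),
    ("host-c", "Google Chrome 100.0.4896.127"),
    ("host-d", "Microsoft Edge 100.0.1185.29"),
    ("host-e", "Microsoft Edge 100.0.1185.36"),
    ("host-f", "Brave Browser 100.0.0.0"),
    ("host-g", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

A version read from the installed binary does not show whether the running browser has been restarted, which the article notes is required for the fix to take effect.
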