Google releases security update for Chrome that is exploited actively
Google published a security update for its Chrome Stable web browser that addresses a security issues that is exploited in the wild. Other browser makers who use Chromium, the core that Chrome uses, have released security updates as well already, or will in the near future.
Google released the update to the Chrome Stable channel, the Chrome Extended Stable channel, and for Chrome for Android. Chrome Stable's version increases to 107.0.5304.121 for Mac and Linux and 107.0.5304.121/.122 for Windows, the Chrome Extended Stable version increases to 106.0.5249.199, and the Chrome for Android's version is 107.0.5304.141 after the update.
Desktop users of Chrome may run a manual check for updates to download the update immediately. All it takes is to load chrome://settings/help or select Chrome Menu > Help > About Google Chrome to do so. The page that opens displays the current version that is installed on the device and runs a check for updates. Any update that is found during the scan is downloaded and installed.
All updates address a single security issue in the browser. Google lists it as CVE-2022-4135: Heap buffer overflow in GPU, and assigned it a severity rating of high. High is second only to critical in the severity scale.
Google notes that the issue is exploited in the wild. Chrome users should update the browser immediately to protect the browser from potential attacks.
Google Chrome for Android updates automatically. There is no option to speed up the process, as Google Play lacks an option to run a manual scan for updates, similarly to how it is done on the desktop.
Google had patched 10 security issues in Chrome 107, which was released to the stable channel a few weeks ago. The search giant is testing a new security feature called Encrypted Client Hello (ECH) in Chrome Canary.
Brave updates as well
Brave Browser was one of the first third-party Chromium-based browsers to release an update that addresses the security issue. The release notes merely state that the browser has been updated to Chromium 107.0.5304.141, but the official Twitter account confirms that the update patches the security issue in the browser.
Brave desktop users may load brave://settings/help to display the installed version and run a check for updates.
Other browsers, including Microsoft Edge, Vivaldi or Opera, have no update available yet that addresses the security issue.
Now you: do you use a Chromium browser? Has it been updated yet?