Google released an update to Chrome on Friday that fixes a high-severity zero-day bug in the browser. The update is available now for macOS.
The Chrome Team said on Friday there was a "Stable Channel Update for Desktop" that brings Chrome up to version 99.0.4844.84 on macOS, as well as Windows and Linux. The update is important, as it fixes a high-severity bug in the browser.
The issue, identified as CVE-2022-1096, is a "type confusion" weakness in Chrome's V8 JavaScript engine, reports Bleeping Computer. The bug was identified by an anonymous security researcher, and details of its workings are being kept restricted until "a majority of users are updated with a fix."
Google is being purposefully cagey about the details of the exploit, since it says it detected attacks actively using it. The team also insists that restrictions on the exploit's details will stay in place if the same bug exists in third-party libraries that other projects rely on and that have yet to be fixed.
Type confusion refers to a bug in which code treats a piece of memory as the wrong type of object, which can crash a browser by reading and writing memory out of buffer bounds. As well as causing crashes, the bug can also be used by an attacker to execute code.
Google didn't say when it expects to reveal details of the vulnerability, but that may depend on how long it takes for a sufficient number of users to update their browsers.
The update to the new version is available as an automatic update, though it can be manually performed in macOS by selecting "Chrome" in the main menu followed by "About Google Chrome." Once the update has been downloaded, click "Relaunch."
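To confirm from a terminal that a Mac is on the fixed build, the following added example (not from the article or from Google) compares a Chrome version string against 99.0.4844.84. The default install path and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: does a Chrome version string include the 99.0.4844.84 fix?
FIXED_VERSION="99.0.4844.84"   # fixed build named in the article

# Assumption: Chrome is installed in the default macOS location.
CHROME_PLIST="/Applications/Google Chrome.app/Contents/Info"

# Print the installed version, e.g. 99.0.4844.84 (macOS only).
installed_chrome_version() {
    defaults read "$CHROME_PLIST" CFBundleShortVersionString 2>/dev/null
}

# Succeed only for dotted, all-numeric strings such as 99.0.4844.84.
is_version() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    return 0
}

# version_ge A B: succeed if A >= B, comparing components as integers.
# A plain string compare would mis-order 100.x vs 99.x and x.9 vs x.84.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}          # missing components count as 0
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# patch_status VERSION: print patched / outdated / unknown (exit 0 / 1 / 2).
patch_status() {
    if ! is_version "$1"; then echo "unknown"; return 2; fi
    if version_ge "$1" "$FIXED_VERSION"; then echo "patched"; return 0; fi
    echo "outdated"; return 1
}

# Run as: sh check.sh "$(installed_chrome_version)"  or  sh check.sh 99.0.4844.82
if [ "$#" -gt 0 ]; then patch_status "$1"; fi
```

The exit code (0, 1 or 2) lets the same check run from a management script across several Macs.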