Google has issued its third urgent update for Chrome, one that patches another zero-day vulnerability in the widely used desktop web browser.
Released on Thursday, the Stable Channel Update for Google Chrome's desktop variant brings the browser to version 100.0.4898.127 on macOS, Windows, and Linux. According to Google, the update will roll out over the coming days and weeks, but users may want to force the update earlier.
The update contains a pair of security fixes, including one for a "type confusion" vulnerability designated as CVE-2022-1364. The bug was reported by a member of the Google Threat Analysis Group on April 13, with Google rapidly bringing out a fix for it, writes The Register.
The bug in question is reckoned to be a high-severity zero-day that is actively being exploited by attackers. When exploited, it can cause the browser to crash or trigger an error, which has the potential to allow arbitrary code to be executed.
The type of bug is similar to an issue that Google patched on March 26, which involved another "type confusion" weakness in Chrome's V8 JavaScript engine. The latest exploit again uses the V8 JavaScript engine as its vector.
Google says it is "aware that an exploit for CVE-2022-1364 exists in the wild," a factor that contributed to the quick creation of a fix. However, rather than provide explicit details of the bug, Google says it is restricting access to that information until "a majority of users are updated" and therefore protected.
The update to the new version can be performed automatically for the user, though it can be manually performed in macOS by selecting "Chrome" in the main menu followed by "About Google Chrome." Once the update has been downloaded, click "Relaunch."