Google Chrome under attack via zero-day flaw — what to do now

The Google Chrome logo displayed on a laptop screen.
(Image credit: monticello/Shutterstock)

Update: Google issues urgent security fix for Chrome — update right now.

If you use the Google Chrome browser, you’re advised to stop what you’re doing and update immediately. Google has published a security advisory that accompanied the release of Chrome 100.0.4896.127 for Windows, Mac and Linux warning of a high-severity zero-day flaw that’s actively being exploited by hackers.

“Google is aware that an exploit for CVE-2022-1364 exists in the wild,” the company wrote.

For obvious reasons, Google is cagey about the exact nature of the vulnerability. These things are typically fully outlined only once the vast majority of people are protected from it, in order to blunt the risk of an attack. 

But what we do know is that CVE-2022-1364 is a so-called “confusion” weakness in Chrome’s V8 JavaScript engine. This type of flaw often leads to browser crashes by reading or writing memory of out buffer bounds, but the high severity label for this specific bug suggests that it could be the rarer kind that allows attackers to execute damaging code.

The Google Threat Analysis team’s Shane Huntley reported that the exploit was discovered by his teammate Clément Lecigne, and the fix was implemented within 24 hours. Notably, it’s the third zero-day threat fixed in 2022, after CVE-2022-0609 and CVE-2022-1096 were squashed earlier this year.

See more

How to update Chrome now

While Google says that the update to 100.0.4896.127 will be rolled out in the coming days and weeks, given the risks involved, we’d suggest you ensure you have it as soon as it’s available.

In Google Chrome, use your mouse cursor (or your finger if you're on a touchscreen) to click the three vertical dots at the top right of the browser toolbar, then scroll down to and hover your cursor over Help in the menu that appears. 

A fly-out menu will appear; click on "About Google Chrome," and Chrome will open a new tab listing your version number. If your browser needs an update, this tab will automatically begin the process and then prompt you to relaunch.

Assuming the vulnerability is universal to all Chromium-based browsers, we should also see the likes of Microsoft Edge, Brave, Opera and Vivaldi all seeing patches of their own in the near future, so keep an eye out if you’re outside of Chrome.

Alan Martin

Freelance contributor Alan has been writing about tech for over a decade, covering phones, drones and everything in between. Previously Deputy Editor of tech site Alphr, his words are found all over the web and in the occasional magazine too. When not weighing up the pros and cons of the latest smartwatch, you'll probably find him tackling his ever-growing games backlog. Or, more likely, playing Spelunky for the millionth time.