Google has released an emergency update for its Chrome 100 browser. The developers have eliminated a 0-day gap in it.
Just before the long Easter weekend, Google released an emergency update for its Chrome browser. Google is thus closing a security hole in Chrome that is apparently already being exploited for attacks. The April 14 security update brings Chrome to version 100.0.4896.127 for Windows, macOS, and Linux. Chrome for Android is also affected.
In the Chrome Release Blog, PrudhviKumar Bommana lists the vulnerability under the identifier CVE-2022-1364. This is a type confusion in the Javascript engine V8. Vulnerabilities of this type have appeared several times in V8 recently. If read-in data is assigned to the wrong variable type (e.g. integer instead of text), a lot can basically happen. Anyone who specifically exploits such a gap can inject and execute code, for example. The flaw was discovered by Clément Lecigne from Google’s Threat Analysis Group (TAG). This suggests that the gap is actually already being used for attacks.
As always, Google has not published details of another vulnerability found internally. As a rule, Chrome updates itself automatically when a new version is available.
▶The latest security updates
Other Chromium-based browsers
The manufacturers of other Chromium-based browsers now have to follow suit with corresponding updates, but some (Microsoft Edge, Opera) are not even up to date with the previous Chrome update. Brave and Vivaldi are at least up to date with Chrome’s security update earlier this week. Microsoft’s Edge browser, on the other hand, is already two Chrome updates behind schedule.
Opera still has the move to Chromium 100 ahead of it. The current Opera version 85.0.4341.60 still contains Chromium 99.0.4844.84, which corresponds to the security level of the last Chrome release before 100 (March 25). Opera 86 (with Chromium 100) is still in beta. This means that Opera is now already four security updates and more than 40 vulnerabilities behind schedule.
Chrome 100.0.4896.127 for Android is also already available. Google will release Chrome 101 on April 26th.
Chromium-based browsers at a glance:
|
browsers |
version |
Chromium version |
|---|---|---|
|
Google Chrome |
100.0.4896.127 |
100.0.4896.127 🟢 |
|
brave |
1.37.114 |
100.0.4896.88 🟠 |
|
Microsoft Edge |
100.0.1185.39 |
100.0.4896.75 🟠 |
|
Opera |
85.0.4341.60 |
99.0.4844.84 🔴 |
|
Vivaldi |
5.2.2623.34 |
100.0.4896.92 🟠 |
|
Chromium-based browsers as of 04/14/2022 | ||
