If you recently updated Google Chrome to version 104, you might be surprised to learn there’s already another update available for your browser. After all, the last update patched 27 security vulnerabilities: What’s left to update? Apparently, quite a bit, including a new security flaw that hackers already know how to exploit.
Google announced the update in a Chrome Releases blog post Tuesday, Aug. 16. This new Chrome version is 104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows, and is now available on all platforms.
The patch includes fixes for 11 security vulnerabilities, of which one is labelled critical, six are labelled high-severity, and three are labelled medium-severity. However, the real story concerns one of the high-severity vulnerabilities, identified as CVE-2022-2856: Google confirmed an exploit for this flaw exists in the wild, making it a zero-day vulnerability.
Zero-days are dangerous. While most security vulnerabilities are never exploited before a patch is available, some are. When someone is successful at not only discovering a flaw in software, but figuring out how to use it against others, that vulnerability becomes a zero-day — CVE-2022-2856 is one such vulnerability.
The flaw stems from an “insufficient validation of untrusted input in Intents.” According to Bleeping Computer, this type of flaw can lead to issues such as “buffer overflow, directory traversal, SQL injection, cross-site scripting, null byte injection, and more.” It’s a long list of consequences that could compromise your system, and since there’s an exploit for it in the wild, updating Chrome should be a priority.
However, it isn’t only this zero-day that should convince you to update: The other 10 issues are still important to patch, since their identities are now known. Hackers could still find ways to exploit these vulnerabilities, so it’s important to update to protect yourself across the board.
How to update Google Chrome
Whether you’re on Mac, Windows, or Linux, you can quickly update Chrome to patch not only this zero-day vulnerability, but the other 10 flaws, as well. Click the three dots in the top-right corner of your browser window, then go to Help > About Google Chrome. Allow Chrome to look for a new update. If one is available, you’ll be able to click “Relaunch” to install it.
If you have automatic updates enabled, you can simply wait for Chrome to install the update on its own. However, that could take a matter of weeks — the fastest way to secure your browser is to update Chrome yourself.