Emergency Google Chrome update patches exploit abused in attacks

Google has released a new Chrome update in response to a single high-severity zero-day security vulnerability, tracked as CVE-2022-3075.

Google said it was “aware of reports” that the vulnerability in its web browser has been exploited in the wild.

The latest update will now roll out fully to all Chrome desktop users on Windows, Linux, and Mac as part of the Stable Desktop channel.

Am I protected?

You can check that you're fully updated by opening up Chrome and heading to “Menu > Help > About Google Chrome”.

Google said it wasn’t ready to provide any more information about the vulnerability or how it works just yet, likely as a precaution to stop cybercriminals from taking advantage of it before its userbase is fully updated.

However, the search giant did disclose that the vulnerability was reported by an anonymous security researcher.

There have been serious reports of hackers exploiting Google Chrome zero-day vulnerabilities.

According to a report by Google’s Threat Analysis Group (TAG), North Korean state hackers used a zero-day remote code execution vulnerability in Chrome to attempt to launch state-sponsored cyber attacks.

It was over a month until the patch became available, according to the report.

Google has patched six zero-day vulnerabilities in Chrome since the start of 2022, including CVE-2022-0609, CVE-2022-1096, CVE-2022-1364, CVE-2022-2294, and CVE-2022-2856.

This type of vulnerability could also impact users of browsers based on Google's open-source Chromium software, such as Microsoft Edge, Opera, or Samsung Internet, and it would be in their best interests to ensure their browsers are updated.

Unfortunately for consumers everywhere, Google Chrome remains a common endpoint that criminals use to compromise users.

According to recent research from McAfee, over 1.4 million users had malicious Google Chrome extensions inside their browsers, which modify the victim's cookies whenever they visit online retailers in an attempt to net affiliate fees from their purchases.

Will McCurdy has been writing about technology for over five years. He has a wide range of specialities including cybersecurity, fintech, cryptocurrencies, blockchain, cloud computing, payments, artificial intelligence, retail technology, and venture capital investment. He has previously written for AltFi, FStech, Retail Systems, and National Technology News and is an experienced podcast and webinar host, as well as an avid long-form feature writer.