New Google Chrome zero-day allows arbitrary code execution
Google says it has fixed a high-severity flaw in its Chrome browser which is currently being exploited by threat actors in the wild.
In a security advisory, the company described the flaw being abused and urged the users to apply the fix immediately.
The flaw was discovered by Clement Lecigne from the Google Threat Analysis Group (TAG). Usually, TAG works on finding flaws abused by nation-states, or state-sponsored threat actors. There is no word on who the threat actors abusing this flaw are, though.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
To remedy the vulnerability, users should make sure to update their browsers to version 112.0.5615.121 as soon as possible. The fix addresses the flaw on Windows, Mac, and Linux operating systems. To bring the browser up to date, users should head over to the Chrome menu (three horizontal dots in the upper right corner of the window) and navigate to Help > About Google Chrome. For us, the update was available immediately upon pressing the “check for new updates” button. Google, however, claims that the update should be available to all Chrome users “in the coming days and weeks”.
The update also required a browser reboot.