Google has released an unplanned update for Chrome on Saturday. The update closes a security vulnerability in the web browser that is currently being attacked.

Vulnerability in JavaScript engine

The vulnerability, for which an exploit exists in the wild, as Google puts it in the Chrome Releases blog, affects the JavaScript engine V8. Due to a type confusion, attackers can apparently plant malicious code on a victim's computer relatively easily (CVE-2022-4262). Therefore, Google classifies the vulnerability as high risk.

A type confusion vulnerability occurs when resources with an incompatible data type are accessed in the program code. For example, memory areas can be overwritten by mistake. According to the CVE entry attackers can use prepared websites to trigger memory scrambling on the heap.

With the update to Google Chrome 108.0.5359.79 for Android, 108.0.5359.94 for Linux and Mac and 108.0.5359.94/.95 for Windows, the developers fix this security-related error. Since the automatic update will be distributed in the coming days to weeks, according to Google, Chrome users are better off triggering the update manually.

Checking the currently running version of Chrome begins with a click on the Chrome settings menu, which can be found behind the icon with the three stacked dots to the right of the address bar. At the bottom of the menu, go to Help and then click About Google Chrome. The dialog that opens shows the version currently in use and, if available, triggers the download and installation of the update. As usual, Linux users have to start their own distribution software management. Android and iOS users can check for updates in their device's app stores.

Since the JavaScript engine V8 is also used in the Chromium browser, other Chromium-based web browsers such as Microsoft's Edge are very likely to be updated shortly. Users should install them quickly due to the exploit in the wild.

Last Wednesday Google had just released the update to the 108 development branch. Closing 28 security vulnerabilities was also a priority here.