Chrome 100.0.4896.127 update available

Google has released an emergency update for the Chrome browser. The update eliminates a 0-day vulnerability.

This security vulnerability is already being exploited for attacks. This security update brings Chrome to version 100.0.4896.127 for Windows, macOS, and Linux. Chrome for Android is also affected.

The Chrome Release Bloglists the vulnerability under the identifier CVE-2022-1364. This is a type confusion in the JavaScript engine V8. Vulnerabilities of this type have appeared several times in V8 recently. If read-in data is assigned to the wrong variable type (e.g. integer instead of text), a lot can basically happen. Anyone who specifically exploits such a gap can inject and execute code, for example. Google has not published details of another vulnerability found.

The manufacturers of other Chromium-based browsers now have to follow with corresponding updates. Brave has already reacted and updated to version 1.37.116 a few hours after Google's emergency patch. Vivaldi followed suit on April 15 and released an update to version 5.2.2623.39. It already contains Chromium 100.0.4896.133. Microsoft has meanwhile updated its Edge browser to the new version 100.0.1185.44, which is based on Chromium 100.0.4896.127. Edge is thus back to the same level of security as Chrome, Brave and Vivaldi.

Opera still has the move to Chromium 100. The current Opera version 85.0.4341.60 still contains Chromium 99.0.4844.84, which corresponds to the security status of the last Chrome release before 100 (March 25). Opera 86 (with Chromium 100) is still in beta. This means that Opera is now already four security updates and more than 40 vulnerabilities behind schedule.

Chrome 100.0.4896.127 for Android is also already available.