THE Google Chrome received this Thursday (14) an update to fix a serious security flaw, which could allow the execution of malicious code by criminals. The breach is of the zero-day type, that is, it means that it was already exploited by cybercriminals for attacks on users before being noticed by the developers, who now recommend the quick application of the update.

As always happens in cases like this, not many details of the vulnerability were disclosed, precisely to avoid giving all the revenue to the criminals. But according to the official information, the resource type confusion problem is in the V8 JavaScript engine, used by Google in Chrome, allowing the writing or reading of data outside the limits of memory.

Typically, this kind of fragility leads to browser crashes. However, security experts say the hole has also been used to execute code remotely without the user’s knowledge, which could lead to attacks involving the installation of malware or data theft, to name a few.

The new version of Chrome is 100.0.4896.127, which should be available to all users around the world in the next few weeks and should be applied automatically, as usual in the software. However, due to the serious nature of the opening, those who wish to receive it can now do so through the browser’s help options, in “About Google Chrome”.

As stated, the details of the vulnerability should only be released once the update is disseminated among the browser’s user base. The opening discovery is by Clément Lecigne, an expert who is part of Google’s own threat analysis group. This is the third zero-day breach the company has mitigated in Chrome in 2022 alone.

Source: Google Chrome