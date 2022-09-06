Google this weekend released a new critical update for the Chrome browser, fixing a security hole that could allow attacks against Windows, Linux and macOS users. Details on the exploit are still scarce, as the company says the opening is already being actively exploited by criminals, with the request being to install it as quickly as possible by users.

According to the official statement, the breach is in a file validation system of Mojo, a collection of libraries used in the Chromium browser, which is the basis of Google Chrome. There would be some shortcomings in this check, according to the company, which said it will release more details about the problem once more users have the update installed.

The idea shows the severity of the breach and is also a responsible disclosure policy, as disclosing details could lead more criminals to take advantage of the opening, betting on users’ delay in installing the update. Google did not elaborate on the characteristics of the attacks that are taking place, with scams involving failure to verify files, commonly involving the installation of malware that allows data hijacking, cryptocurrency mining, information theft and other such activities. .

Google Chrome users should receive critical update automatically; to install manually, just access the three dots menu, at the top right, and select the options “Help” and “About Google Chrome” (Image: Screenshot/Felipe Demartini/Canaltech)

The update brings Chrome to version 105.0.5195.102 and should install automatically for most users. For others, the recommendation is to download immediately as soon as the alert about the update appears on the screen, as well as for corporations that have policies for mass delivery of patches to all computers on a network.

In the opening statement, Google thanked the security community and especially the researcher who pointed out the issue to the company. He has not been identified, but will receive a discovery reward as part of the company’s bug bounty program.

Source: Google