Google Chrome update urgently required for billions of users after security flaw discovered

Bug impacts anyone using the browser on Windows, Mac or Linux

Anthony Cuthbertson
Monday 28 March 2022 11:35 EDT
Comments
A security flaw with the popular Google Chrome browser means billions of users need to update
A security flaw with the popular Google Chrome browser means billions of users need to update (Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Google has urged billions of users of its Chrome browser to update the app after a major security flaw was discovered.

The world’s most popular web browser has a so-called ‘zero-day’ vulnerability, meaning it was discovered before any security fix was in place to protect people.

This makes it the most dangerous form of cyber risk, as hackers are able to take advantage of it while users were waiting for a patch to be put in place.

The Google Chrome bug impacts anyone using the browser on Windows, Mac or Linux desktop operating systems.

The update, which brings the browser up to version 99.0.4844.84, contains 11 security fixes for the vulnerabilities, with nine of them given a “high” threat level, one given a “medium” threat level, and one labelled “critical”.

In order to update the Chrome browser, users are advised to click on the three dots in the top right-hand corner of the web browser and follow the instructions to update.

Microsoft said the zero-day vulnerability also impacted its Edge browser, prompting the software giant to issue its own security fix.

Google only released limited information about the security flaw in an effort to prevent hackers using it to perform cyber attacks.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” the company said in a blog post detailing the issue.

“We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

A previous zero-day vulnerability discovered within Chrome was exploited by North Korea, Google’s threat analysis group claimed earlier this year.

“We observed the campaigns targeting U.S. based organizations spanning news media, IT, cryptocurrency and fintech industries,” the company said.

“However, other organizations and countries may have been targeted. One of the campaigns has direct infrastructure overlap with a campaign targeting security researchers... The exploit was patched on 14 February, 2022. The earliest evidence we have of this exploit kit being actively deployed is 4 January 2022.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in