Update Chrome ASAP (Again) | Lifehacker


If you happened to catch my advice on Tuesday to update Chrome as soon as possible, it might come as a surprise to see me repeating myself just three days later. Nevertheless, it really is time to update Chrome again, as Google has disclosed yet another zero-day vulnerability impacting its popular browser.

The company announced the update in a post on its Chrome Releases site on Thursday: The new version numbers are 125.0.6422.112/.113 for Windows and Mac, and 125.0.6422.112 for Linux. No matter which platform you use, this update patches a single security flaw, tracked as CVE-2024-5274. CVE-2024-5274 is a type confusion flaw: a vulnerability where code doesn't check the type of the object it is processing. When that check is missing, the code can end up treating data as something it is not, which bad actors can take advantage of to run their own code in the process. That, of course, isn't good.

The greater issue, however, is that this vulnerability is a zero-day: Google confirmed it is aware there is an active exploit for the flaw in the wild, which means someone somewhere not only knows of the existence of the vulnerability, but they’ve actively taken advantage of it.

It’s good that Google has a patch available for the public to protect against this vulnerability, but there’s a concerning trend emerging here: CVE-2024-5274 is the fourth zero-day vulnerability Google has patched this month, and the eighth in 2024. Security vulnerabilities are an inevitability with software (cracks in the system will always, eventually, be discovered), but it’s imperative that developers and the researchers they work with discover the flaws before malicious users do, especially with major programs like Chrome. When companies like Google discover and patch flaws after they’ve been discovered and exploited by bad actors, it puts all users at risk.

Hopefully, it’ll be a while before we hear about another zero-day affecting Chrome. Until then, it’s best to update your browser ASAP. Remember: Any time Chrome has a security patch, it affects all Chromium-based browsers, including Edge, Brave, and Opera.

How to update Chrome to patch this zero-day

To update Chrome, click the three dots in the top-right corner of your browser window, then navigate to Help > About Google Chrome. Allow Chrome to search for a new update, then follow the on-screen instructions to download and install it.
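If you look after more than one machine, the version numbers above can be checked in bulk. The following is an added example, not code from Google or from this article: it assumes you have already collected each machine's version string in the form "Google Chrome <version>", and the host names and inventory are constructed sample data.

```python
import re

# Fixed build from the article: 125.0.6422.112 is the lowest patched
# version on Windows, Mac and Linux (Windows/Mac may also show .113).
PATCHED = (125, 0, 6422, 112)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(banner):
    """Return the four-part version in a banner as a tuple of ints, or None."""
    match = _VERSION_RE.search(banner or "")
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def status(banner):
    """Classify one banner as 'patched', 'vulnerable' or 'unknown'."""
    # Only Google Chrome is judged: other Chromium-based browsers use
    # their own version numbers, so this threshold does not apply to them.
    if not (banner or "").startswith("Google Chrome"):
        return "unknown"
    version = parse_version(banner)
    if version is None:
        return "unknown"
    # Tuples of ints compare field by field, so build 99 sorts below 112.
    # Comparing the raw strings would wrongly rank "6422.99" above "6422.112".
    return "patched" if version >= PATCHED else "vulnerable"


def needs_attention(inventory):
    """Return hosts whose browser is vulnerable or could not be checked."""
    return sorted(h for h, b in inventory.items() if status(b) != "patched")


# Constructed inventory: host names and banners are sample data.
SAMPLE_INVENTORY = {
    "host-a": "Google Chrome 125.0.6422.112",
    "host-b": "Google Chrome 125.0.6422.99",
    "host-c": "Google Chrome 124.0.6367.207",
    "host-d": "Google Chrome 126.0.6478.55 beta",
    "host-e": "Microsoft Edge 125.0.2535.51",
}

if __name__ == "__main__":
    for host in needs_attention(SAMPLE_INVENTORY):
        print(host, status(SAMPLE_INVENTORY[host]), SAMPLE_INVENTORY[host])
```

Anything reported as "unknown" should be checked by hand against that browser vendor's own release notes rather than assumed safe.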



by Life Hacker