Google Chrome is asking users to update their browsers after the Internet giant revealed hackers are privy to a “zero-day” bug that could give attackers access to your private information.
A zero-day bug is a security vulnerability known to hackers before the vendor is aware, and it’s already being used by hackers.
While Google says it has resolved 11 security vulnerabilities ranging from medium to critical impact in its latest update, one may still be known to hackers.
“Google is aware that an exploit for CVE-2022-2856 exists in the wild,” according to an August 16 press release.
CVE-2022-2856 marks the fifth zero-day that Google has experienced in 2022, per Forbes.
Since zero-day hacks may be unbeknownst to the vendor, there is no patch for the vulnerability.
Google has yet to share specific details about the zero-day bug but said in their press release that “access to bug details and links may be kept restricted until a majority of users are updated with a fix.”
However, they do reveal that it was reported by hackers from the Google Threat Analysis Group on July 9, and described the issue as “Insufficient validation of untrusted input in Intents.” Here, “intents” is how Chrome processes user input, meaning a possible input could be interfering with Google’s code.
The day before reporting the vulnerability, Google Chrome shared two tweets about zero-day bugs.
What are zero-day exploits — and how does #Chrome protect you from them?
ICYMI: Watch as Security Sheriff Adrian Taylor explains why these bugs are the highest priority for Chrome’s security team → https://t.co/p3QNGQQ7Cz pic.twitter.com/JjUbdW3Pa4
— Chrome (@googlechrome) August 15, 2022
In the video, “Security Sheriff” Adrian Taylor says “all software can have bugs, even that built to the highest engineering standards like Chrome.” Explaining that “malicious websites” may use bugs to steal your information, he said, “We address any security bug with great urgency, but with even more urgency for zero-day bugs.”
As Chrome gains more visibility into how attackers use zero-day bugs, we’re becoming more sophisticated in how we discover and fix vulnerabilities. Learn how we’re adding even more layers of defense that make it difficult for attackers to bypass: https://t.co/s61p1Sa1kS
— Chrome (@googlechrome) August 15, 2022
To best protect yourself, it’s advised to update your Google Chrome browser and app. While it should automatically update, users can check by going to About Google Chrome in your browser menu, which will force check for any possible updates.