Chrome Gets Urgent Patch for Zero-Day Exploit

Google has issued a third zero-day bug warning for Chrome this year. While the browser will auto-update, it's a reminder not to leave it open indefinitely.

In short, a zero-day bug refers to the time developers discovered the problem and were able to roll out a fix. Ideally, they'll have a head start and can either get the patch in place before would-be attackers even start working on exploiting it. In this case, however, attackers not only know about the bug but are already taking advantage before developers can roll out a fix.

Memory Compromised

This particular bug is described as a "type confusion vulnerability." In simple terms, it involves Chrome using an object (a set of data) without checking what type of object it is. That can cause problems if the computer has not allocated the right amount of memory to handle it. (Source: lifehacker.com)

Normally the worst that happens here is that the memory problem causes the application (Chrome) to crash. However, an attacker who knew what they were doing could exploit the problem to access other data in the computer's memory. (Source: theregister.com)

Although it's a zero-day bug, Google did act quickly in patching it. It appears to have started rolling out a fix within 24 hours of first identifying the problem.

Update Needs Restart

In most cases, Chrome should update itself automatically with no need for user interaction. However, it may not complete the update until the browser starts up (or restarts). That means users who keep a Chrome tab open indefinitely could be late to get the update.

Users who are worried the update isn't in place can click on the Chrome menu (the three vertical dots in the top right corner), select Help and then select About Google Chrome. This will then check whether an update is available and let the user manually start the update process. At time of writing, the most current version of Chrome is 100.0.4896.127.

What's Your Opinion?

Do you give much thought to browser updates? Do you often leave browser windows open when you aren't actively using your machine? Had you realized this could affect updates?