Google Chrome update urgently required for billions of users after security flaw discovered

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

Google has urged billions of users of its Chrome browser to update the app after a major security flaw was discovered.

The world’s most popular web browser has a so-called ‘zero-day’ vulnerability, meaning it was discovered before any security fix was in place to protect people.

This makes it the most dangerous form of cyber risk, as hackers are able to take advantage of it while users were waiting for a patch to be put in place.

The Google Chrome bug impacts anyone using the browser on Windows, Mac or Linux desktop operating systems.

The update, which brings the browser up to version 99.0.4844.84, contains 11 security fixes for the vulnerabilities, with nine of them given a “high” threat level, one given a “medium” threat level, and one labelled “critical”.

In order to update the Chrome browser, users are advised to click on the three dots in the top right-hand corner of the web browser and follow the instructions to update.

Microsoft said the zero-day vulnerability also impacted its Edge browser, prompting the software giant to issue its own security fix.

Google only released limited information about the security flaw in an effort to prevent hackers using it to perform cyber attacks.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” the company said in a blog post detailing the issue.

“We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

A previous zero-day vulnerability discovered within Chrome was exploited by North Korea, Google’s threat analysis group claimed earlier this year.

“We observed the campaigns targeting U.S. based organizations spanning news media, IT, cryptocurrency and fintech industries,” the company said.

“However, other organizations and countries may have been targeted. One of the campaigns has direct infrastructure overlap with a campaign targeting security researchers... The exploit was patched on 14 February, 2022. The earliest evidence we have of this exploit kit being actively deployed is 4 January 2022.”