Skip to main content

Update Google Chrome now to protect yourself from an urgent security bug

Google posted a security update for its Chrome browser that fixes what’s known as a zero-day bug. The problem affects Chrome on Windows, Mac, and Android. The flaw can lead to arbitrary code execution, a serious security vulnerability, so it’s best to download and install the latest version immediately. Zero-day bugs mean that this is a known weakness and, in this case, Google said that the flaw is already being exploited by hackers.

Google did not post a detailed explanation of how the exploit works, but will do so when the majority of people have updated, making the danger of further attacks less severe. The most severe bug is identified as CVE-2022-2294 and the update also patches CVE-2022-2295 and CVE-2022-2296.

Google Chrome app on s8 screen.
Dennizn / Shutterstock

Although details are scarce, the exploit is being used by hackers in the wild, so we recommend updating Chrome immediately. The exploit may allow arbitrary code execution on your desktop, which has the potential to give hackers full access to your PC.

Recommended Videos

This is the fourth Chrome zero-day bug fixed this year, with previous fixes arriving in February, March, and April, signaling an increase in hacking attempts. It would be best to enable automatic Chrome updates while on the *About Chrome* page to get these problems taken care of as soon as possible.

Please enable Javascript to view this content

How to protect yourself

To install the latest version of Google Chrome on Windows or Mac, open the app and click the three vertical dots at the top-right to see more options. In the Help menu, choose About Chrome to see information about the browser. In most cases, Chrome will automatically start the update process so that only a relaunch is required to finish the installation. If an update button appears, click it, then relaunch the app to finish and secure the browser from attacks.

From the About Chrome page, relaunch to update.
Image used with permission by copyright holder

If the latest version is already installed, no update is necessary, and not every computer is affected. The Chrome Stable channel on Windows and Extended Channel on both Windows and Mac require the update. By default, Chrome is on the Stable channel, which is best for most users and is least likely to have problems.

Alan Truly
Alan Truly is a Writer at Digital Trends, covering computers, laptops, hardware, software, and accessories that stand out as…
Update your Chrome browser now to gain this critical security feature
Google Chrome icon in mac dock.

Yesterday, in a blog post on Google's security blog, Willian Harris from Chrome's Security Team said that Google is improving the security of Chrome cookies on Windows PCs by adopting a similar method used in macOS to help protect users from info-stealing malware.

The security update addresses session cookies that authenticate your identity when you switch apps without logging back in. Google wants to adopt the security system used by Keychain on macOS and start using "a new protection on Windows," which updates Data Protection API (DPAPI) and brings a new security tool called "application-bound" encryption.

Read more
This new Google Chrome security warning is very important
The Google Chrome logo on a black phone which is resting on a red book

Google is changing how it warns its users about suspicious files on Chrome by adding new full-page warnings and cloud scanning regarding suspicious downloads, according to Windows Report. This is an attempt to explain more precisely why it blocks specific downloads. Google says that the AI models will divide the warning into two categories: "suspicious" or "dangerous."

The new warning system primarily benefits those using the anti-phishing Enhanced protection feature. The files users upload to the cloud for an automatic scan and those that undergo a deep scan are 50 times more likely to have the AI flag them as malware.

Read more
Google is cracking down on internet security in this big way
Connection is not private warning from Google.

Google is making some serious changes to digital certificate security on the web, the company announced on its Security blog. The big news is that Google will no longer trust certificates from two large security firms -- Entrust or AffirmTrust -- due to repeated security lapses.

According to Google, the companies, which are Certificate Authorities (CA), have demonstrated patterns of unmet improvement commitments, compliance failures, and no measurable progress in how fast the company responds to publicly disclosed incident reports.

Read more