Google has released a fix for a vulnerability in its Chrome browser that is being actively exploited. This is the seventh zero-day vulnerability that Google has patched in Chrome so far this year. Google has not revealed many details about the flaw apart from noting that it is a type confusion bug in the V8 JavaScript and WebAssembly engine. October has seen a bumper crop of updates, including patches from Apple, Microsoft, Google, Zoom, Cisco, VMware, and SAP.
Note
- Keeping Chrome up to date is usually quite easy. But don’t forget that to apply any updates, you need to restart Chrome. I suggest restarting as you start the day in the morning to not delay any updates.
- When you’re popular, you get attacked – just ask the Windows security team. I applaud those who make patching fast and transparent, like the Chrome team. The same cannot be said for tablets, networking gear, IoT devices, software libraries…
- This isn’t what we mean when we say Halloween can be a scary time of year. By now you should be leveraging every trick in the book to keep your Chrome/Chromium browsers updated – including enforced limits on browser refresh after an update, so you should be able to scan and remediate stragglers fairly easily. If you’re in the federal sector, make sure that you’re tracking updates for those data calls on pushing out these as well as Apple, Chrome, VMware, Cisco, etc. updates.
- Browsers are general, flexible, feature-rich, and complex; they leak. Prefer purpose-built applications.