Update Chrome ASAP (again)

If you happened to hear me recommend updating Chrome as soon as possible on Tuesday, you might be surprised to see me repeat myself three days later. Still, it's definitely time to update Chrome again, as Google has revealed another zero-day vulnerability affecting its popular browser.

The company announced the update in a post on its Chrome release site on Thursday: the new version number is 125.0.6422.112/.113 for Windows and Mac, and 125.0.6422.112 for Linux. Regardless of which platform you are using, this update fixes a security vulnerability numbered CVE-2024-5274. CVE-2024-5274 is a type confusion flaw, where your code does not check the type of the object it is handling. When this lack of oversight occurs, it can result in code handling incorrect data, which bad actors can exploit to run their own code within the process. Of course this is not good.

The bigger issue, however, is that the vulnerability is a zero-day: Google confirmed it knew the vulnerability was being actively exploited, which means someone, somewhere, not only knew it existed, but they also knew it existed . We took advantage of it aggressively.

It's a good thing that Google has made a patch available to the public to protect against this vulnerability, but here's a worrying trend: CVE-2024-5274 is the fourth zero-day vulnerability Google has patched this month, and it's also the 2024 The eighth vulnerability. Software vulnerabilities are inevitable (vulnerabilities in systems will eventually be discovered), but developers and researchers must find vulnerabilities before malicious users do, especially in a major program like Chrome. When companies like Google discover and patch flaws after they have been discovered and exploited by bad actors, all users are put at risk.

Hopefully it will be a while before we hear about another zero-day vulnerability affecting Chrome. Until then, it's best to update your browser as soon as possible. Remember: Whenever Chrome releases a security patch, it affects all Chromium-based browsers, including Edge, Brave, and Opera.

How to update Chrome to patch this zero-day vulnerability

To update Chrome, click the three dots in the upper right corner of the browser window and navigate to Help > About Google Chrome . Allow Chrome to search for new updates, then follow the on-screen instructions to download and install it.