web analytics
Home » Technology » Internet » Google Chrome Emergency Update Fixes Critical Zero-day Security Flaw

Google Chrome Emergency Update Fixes Critical Zero-day Security Flaw

Google Chrome extensions

Google is urgently rolling out a new update to Chrome. After the discovery and publication of a critical security flaw, the Mountain View giant was forced to shake up its deployment schedule. Rather than rolling out the final version of Chrome 90, Google is pushing Chrome 89.0.4389.128 first, an iteration that includes a fix.

A few days ago Rajvardhan Agarwal, an Indian computer security researcher, disclosed the existence of a serious zero-day flaw in Chromium, the rendering engine behind Chrome, on Twitter and Github. This unpatched breach allows remote code execution on a computer via the V8 JavaScript engine.

By relying on this flaw, and bypassing the Chrome sandbox, Rajvardhan Agarwal managed to launch the calculator tool from a remote computer. Recognizing the risks, JavaScript incorporated a patch into the JavaScript V8 code several days ago.

Google Deploys Chrome 89.0.4389.128

Initially, Google planned to include the JavaScript V8 patch in Chrome version 90, which was nearing deployment. Rajvardhan Agarwal’s revelations have forced Google to reconsider its plans. Rather than wait for the arrival of Chrome 90, the company rushed to launch a new version of Chrome 89, Chrome 89.0.4389.128. This unplanned intermediate version contains a fix for the security vulnerability.

In the process, the search engine incorporates a fix for another recently identified flaw. This breach concerns Blink, the WebKit-derived HTML rendering engine designed to display web pages. In a blog post, Google assures us that the two flaws are actively exploited by hackers. That’s why the company was quick to push the fixes.

To update Chrome, you can go directly to the Google website. To manually update the browser, you are invited to click on More at the top right of the interface and choose to Update Google Chrome. The latest version of Chrome will be rolled out to all computers in the coming weeks, Google says.