Google has released its February security update for its Chrome browser, which includes a fix for a critical remote code execution vulnerability that could allow an attacker to install malware on a victim’s device. The patch also includes fixes for six high-severity vulnerabilities, one of which is almost a year old. These vulnerabilities could be exploited to allow attackers to execute arbitrary code or disclose information.
Google stated that the update will be pushed to desktops running Windows, macOS and Linux, which make up the nearly 2.65 billion users of the Chrome browser. Versions 110.0.5481.177 for Mac and Linux and 110.0.5481.177/.178 for Windows will receive the update via the “stable channel desktop updates” over the coming days and weeks.
The critical vulnerability, identified as CVE-2022-23526, was reported by Clément Lecigne of Google’s Threat Analysis Group, and was fixed in Chrome version 98.0.4758.134. This type of vulnerability, which is often referred to as a “zero-day” vulnerability, is typically exploited by attackers before a patch has been released.
To protect themselves from potential exploits targeting these vulnerabilities, users are advised to manually update their browsers to the latest version. Google has also recommended that users enable automatic updates to ensure they receive security patches as soon as they become available.