Google has released an update that includes two security fixes. One of those security fixes is for a zero day, which Google says they are already exploiting.
If you are a user of it Chrome into a Windows, Mac or Linux, you should update the app immediately.
The easiest way to update Chrome is to allow it to update automatically. However, if you never close the browser or if something goes wrong—like a extension which prevents you from updating your browser n automatic update it won't help you.
So it doesn't hurt to check every now and then. My preferred method is to open the chrome://settings/help internal page.
Google never gives much information about the security gaps, for obvious reasons. But we do know that this particular vulnerability was reported by Clément Lecigne of Google's Threat Analysis Team.
The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security vulnerabilities. The CVE for 0day is:
CVE-2023-3079: a type confusion in V8 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Type confusion vulnerabilities are programming flaws that occur when code does not verify the type of the object passed to it before using it. Type confusion can allow an attacker to pass function pointers or wrong data into code. In some cases, it can also run code.
So all users of other Chromium-based browsers, such as Edge, should also wait for updates, as there is a chance that the same zero day will affect all Chromium-based browsers.
