Chrome just shipped a critical security update to patch a zero‑day vulnerability that attackers are already exploiting, and you really shouldn’t wait to install it. The fix is rolling out as part of the latest stable Chrome 149 release, with builds 149.0.7827.102 and 149.0.7827.103 on Windows and macOS, and 149.0.7827.102 on Linux. Google confirms the flaw is being abused in the wild right now.
The vulnerability lives in Chrome’s engine and gives attackers a path to run arbitrary code on your device. All they need is for you to visit a page they control. That page can come from a link in an email, an ad on a website, or even a message on social media. The exploit then tries to escape the browser sandbox so the attacker can do more on your computer than just affect the tab.
Google says it is keeping the exact details restricted until more people have installed this patch and other browser vendors have prepared their own fixes.
Besides the zero day, this build adds a number of additional security patches. Many of them were reported by researchers through Google’s bug bounty program. The earlier Chrome 149 update already fixed 429 security issues. These smaller fixes still matter because attackers often combine several weaknesses to break in. The full list of fixes is below:
Chrome security fixes
This update includes 74 security fixes. See the Chrome Security Page for more details.
- CVE-2026-11628 – Critical: Use after free in Ozone (Reported by Google on 2026-05-25)
- CVE-2026-11629 – Critical: Use after free in Ozone (2026-05-26)
- CVE-2026-11630 – Critical: Use after free in File Input (2026-05-26)
- CVE-2026-11631 – Critical: Use after free in Aura (2026-05-26)
- CVE-2026-11632 – Critical: Use after free in TabStrip (2026-05-26)
- CVE-2026-11633 – Critical: Use after free in Bluetooth (2026-05-27)
- CVE-2026-11634 – Critical: Use after free in Gamepad (2026-05-27)
- CVE-2026-11635 – Critical: Use after free in Bluetooth (2026-05-27)
- CVE-2026-11636 – Critical: Use after free in Autofill (2026-05-27)
- CVE-2026-11637 – Critical: Use after free in Views (2026-05-27)
- CVE-2026-11638 – Critical: Use after free in Printing (2026-05-27)
- CVE-2026-11639 – Critical: Use after free in Compositing (2026-05-27)
- CVE-2026-11640 – Critical: Integer overflow in libyuv (2026-05-28)
- CVE-2026-11645 – High: Out of bounds memory access in V8 ($55,000 reward)
- CVE-2026-11646 – High: Use after free in ViewTransitions ($500 reward)
- CVE-2026-11700 – Medium: Use after free in Tracing
- CVE-2026-11701 – Medium: Insufficient validation in Guest View
Note: Google is aware that an exploit for CVE-2026-11645 exists in the wild.
On a desktop computer the update process is straightforward. Open Chrome and click the three-dot menu in the top right corner. Choose Help from the menu and then About Google Chrome. The browser will check for the latest version and download it in the background. When the download is complete, click the Relaunch button to restart Chrome and apply the new code.
If you want to skip a couple of clicks, you can paste chrome://settings/help into the address bar instead. Just remember to restart Chrome after the update is complete.
Android users should update through the Play Store without delay. Open the Play Store app and go to the Manage apps and device section. Look for Chrome in the list of available updates. Tap Update and wait for the install to finish. Then close the browser completely and open it again to make sure the new version is active.
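If you look after more than one machine, the same check can be scripted. The following is an added example, not code from Google or from the original article: it compares reported Chrome version strings against the 149.0.7827.102 desktop build named above. The host names and the sample inventory are constructed for illustration.

```python
import re

# Minimum patched desktop build per platform, taken from the article text.
PATCHED = {
    "windows": (149, 0, 7827, 102),
    "macos": (149, 0, 7827, 102),
    "linux": (149, 0, 7827, 102),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from free text; None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def status(platform, reported):
    """Return 'patched', 'needs_update' or 'unknown' for one inventory row."""
    minimum = PATCHED.get(platform.lower())
    version = parse_version(reported)
    if minimum is None or version is None:
        return "unknown"  # never treat an unparsed or unlisted host as safe
    # Integer tuples compare numerically, so build 99 sorts below build 102;
    # a plain string comparison would get that wrong.
    return "patched" if version >= minimum else "needs_update"


def audit(rows):
    """Map host -> status for (host, platform, reported_version) rows."""
    return {host: status(platform, reported) for host, platform, reported in rows}


# Constructed sample inventory; host names and old versions are illustrative.
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 149.0.7827.103"),
    ("ws-02", "windows", "149.0.7827.99"),
    ("mac-01", "macos", "Google Chrome 149.0.7827.102"),
    ("lnx-01", "linux", "Google Chrome 148.0.7000.200"),
    ("lnx-02", "linux", "version unavailable"),
]

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(f"{host}: {result}")
```

A host that reports a patched version on disk may still be running the old code until Chrome is relaunched, so treat "patched" here as "update installed", not "update active".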
That said, at least Google is moving quickly to patch these vulnerabilities. Microsoft Edge has yet to receive a security update for some of the earlier issues that Chrome has already fixed.

