The new Chrome updates has been released by Google that addresses three security bugs, including a zero-day vulnerability which is being actively exploited in the wild.
The attacks were discovered on February 18, by Clement Lecigne, a member of Google’s Threat Analysis Group, which is a division at Google for investigating and tracking threat actor groups.
However, any details about the attacks are not made public and is currently unknown how this bug is being used against Chrome users.
Patches for the zero-day was released as part of Chrome version 80.0.3987.122. The update is available for Windows, Mac, and Linux users, and is currently not available for Chrome OS, iOS, and Android.
A type confusion refers to coding bugs during which an app initializes data execution operations using input of a specific “type” but is tricked into treating the input as a different “type.”
The “type confusion” leads to logical errors in the app’s memory and can lead to situations where an attacker can run unrestricted malicious code inside an application.
This is the third Chrome zero-day which had been exploited in the wild in the past year.
All the users are advised to update to the latest version of Chrome at the earliest.
Chrome v80.0.3987.122 also has two additional security updates which were not exploited in the wild.