Google issued an emergency update for its popular Chrome web browser to fix a “zero-day” vulnerability that had been discovered by a member of Google’s Threat Analysis Group on April 11. This is the first such vulnerability that Google has discovered this year. The patch has been released for Chrome applications installed on computers running on Microsoft Windows, Apple’s Macs, and Linux. Google has not disclosed any details about any attacks related to this vulnerability.
A zero-day vulnerability is a software vulnerability in a system that has been discovered and disclosed, but has yet to receive a patch or an update to fix it. This means that owners of systems affected by the vulnerability are unaware of the risk, and no patch exists for zero-day vulnerabilities, making them more likely to succeed in attacks, according to cybersecurity company Kaspersky. These vulnerabilities can result in zero-day exploits, which is the method hackers use to attack systems that have been compromised with a previously unidentified vulnerability, and a zero-day attack, which is the use of a zero-day exploit to steal data or cause damage.
The discovery of such vulnerabilities is concerning because it may take several months to discover new vulnerabilities in systems in most cases after an attack has been completed, and only then can developers work on a patch to fix it. Even after a zero-day patch is released, not all users are quick to implement it, and in recent years, hackers have been faster at exploiting vulnerabilities soon after discovery, according to Kaspersky. Therefore, it is crucial for users to update their software as soon as possible to avoid falling victim to zero-day attacks.