Google has started rolling out an emergency security update for its Chrome browser on all desktop and Android operating systems. The primary goal is to fix a potentially very dangerous 0-day vulnerability, a heap buffer overflow in WebRTC, the component that allows you to run video chat directly from a browser.

At the moment it is not possible to examine the bug in detail because, according to Google itself, at least one exploit for it is circulating. It goes without saying that updating the browser as soon as possible is highly recommended; on Android simply go to the relevant page of the Play Store and press the Update button, while on the desktop you have to:

Click on the three vertical dots at the top right, immediately after the icon of your user account

From the menu that appears, choose Help > About Chrome

The browser will automatically check for and apply the update, after which it will have to be restarted using the button that appears alongside.

The complete changelog consists of:

CVE-2022-2294: Heap Buffer Overflow in WebRTC. High criticality level.

CVE-2022-2295: Type Confusion in V8, Chrome’s JavaScript engine. High criticality level.

[desktop only] CVE-2022-2296: Use after free in browser shell. High criticality level.

An additional bug discovered by the internal team, for which public details are not available at the moment.

Google has also distributed the update on the Extended Stable channel. In this case only the WebRTC bug has been fixed.