Billions of Dollars at Risk Due to Google Chrome Security Flaw - Update Your Browser Now!


Google has released a new emergency security update for Chrome, fixing the fifth zero-day vulnerability since the beginning of the year.

As reported by BleepingComputer, this new zero-day (tracked as CVE-2023-5217) is particularly troubling because hackers have already devised ways to exploit it for attacks. For this reason, if you do not update Chrome immediately, you risk becoming a victim yourself.

In a recent security advisory, Google's Chrome team explained that the latest version of the browser for Windows, Mac, and Linux (117.0.5938.132) includes a total of 10 security fixes, covering three high-severity vulnerabilities.

The advisory states.

According to the advisory, it could be days or weeks before this emergency security update is distributed to all Chrome users. However, when we clicked "About Chrome" from Chrome's settings menu, the browser immediately downloaded the update. If you still do not see the update, you should continue to check for it so as not to postpone the installation.

Of the three vulnerabilities addressed in this new emergency security update, CVE-2023-5217 is a heap buffer overflow vulnerability in VP8 encoding in libvpx. This vulnerability was discovered by Clément Lecigne of Google's Threat Analysis Group (TAG) and can lead to app crashes and arbitrary code execution.

You may not be familiar with TAG, but its security researchers are adept at finding serious zero-days used in spyware attacks against high-profile individuals such as politicians and journalists. TAG's Maddie Stone said in a post to X that the zero-day fixed in the latest Chrome update was exploited by hackers to install spyware.

As is common with such zero-days, Google has yet to share additional information on how this one was used in attacks in the wild. The reason for this is to give Chrome's installed base of 3.22 billion users (according to Statista) time to update their browser.

Once the details of the attack are released, other copycat hackers may come up with their own attacks that exploit the vulnerability. From here, they will target users who have not yet updated their software to the latest version. Thus, it is important to update Google Chrome now.

As with the recent zero-day flaw that Apple patched, the most important thing you can do to stay safe in this situation is to update Chrome to the latest version as soon as the update arrives in your browser.

To manually check for updates, click the three-dot menu, open "Settings" and then open "About Chrome." Google also uses a color-coded alert system to let you know when a new update is available for your browser: a bubble appears next to your user name and changes color depending on when the update was released. A green bubble means the update is 2 days old, orange means the update is 4 days old, and red means the update was released at least a week ago. If you need more help, see our guide on how to update Google Chrome.

In addition to keeping your browser up-to-date, you should use the best antivirus software on your PC, the best Mac antivirus software on your Apple computer, and the best Android antivirus app on your Android smartphone. Using antivirus software along with installing the latest security updates helps protect you against cyber attacks.

We will probably never know more about how this vulnerability was exploited to install spyware, but just knowing that this happened is enough to convince us that this update is not something we want to skip.
