Critical Zero-Day Flaw in Google Chrome - Update Now!

Google has released an emergency security update to fix a new zero-day vulnerability in Chrome that has already been exploited by hackers.

As reported by BleepingComputer, a new version of the search giant's browser is now rolling out to Chrome users in the Stable and Extended Stable channels. According to Google, the version that patches this critical zero-day flaw (116.0.5845.187/.188 for Windows, 116.0.5845.187 for Mac and Linux) will be available to all users in the coming days and weeks.

While constant browser update prompts can be annoying, they cannot be ignored, as hackers often target users who have not yet updated their software. For this reason, one should install the next version of Chrome as soon as possible when it becomes available to avoid falling victim to potential attacks that take advantage of this flaw.

In a recent security advisory, Google revealed that an exploit for this zero-day flaw (tracked as CVE-2023-4863) is already available.

The flaw itself is caused by a heap buffer overflow vulnerability in WebP, which can be exploited to crash Chrome or execute arbitrary code within the browser. It was discovered last week by Apple's Security Engineering and Architecture (SEAR) team and the Citizen Lab at the University of Toronto's Munk School and reported to Google.

Google itself has said that this zero-day is actively being exploited in the wild, but has yet to provide details about these attacks. However, this is standard practice, and Apple often does the same with vulnerabilities so that as many users as possible can update their software before details of the attacks are released.

The reason for this is that once the details of the attack are released, other cybercriminals may use that knowledge to develop their own attacks targeting the remaining Chrome users who have not yet updated their browser.

Zero-day vulnerabilities are somewhat more difficult to defend against because, unlike malicious apps and malware, they require waiting for companies to release fixes. Therefore, the most important thing you can do personally is to install the latest security updates as they become available and keep all your software up-to-date.

Google makes it easy to see when a new Chrome update is available by displaying a callout next to your profile picture in the upper right corner of your browser. This balloon is color-coded to let you know when updates were released: green indicates updates that are 2 days old, orange indicates updates that are 4 days old, and red indicates updates that were released at least a week ago.

Clicking on the bubble will download the latest version of Chrome, which will be installed the next time you restart your browser. You can also update your Google browser manually by clicking on the three-dot menu next to your profile picture, clicking Help, and then About Google Chrome. You will be taken to the browser settings page where you can check to see if you have the latest version of Chrome. If you need more information, see How to update Google Chrome.
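When many machines need checking rather than one browser, the comparison against the fixed build quoted above (116.0.5845.187) can be scripted. The following is an added example, not code from Google or from the original article; the host names, inventory lines and function names are constructed, and it assumes any build numerically at or above the article's number contains the fix.

```python
import re

# Fixed build quoted in the article (Windows may also report .188).
FIXED_BUILD = (116, 0, 5845, 187)
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Pull a four-part Chrome version out of text such as
    'Google Chrome 116.0.5845.100'. Returns a tuple of ints or None."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def classify(version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string.

    Tuples compare numerically, so build .99 sorts below build .187,
    which a plain string comparison would get wrong."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # no parsable version: needs a manual check
    return "patched" if version >= FIXED_BUILD else "vulnerable"


def audit(inventory_lines):
    """Map host -> status for lines of the form 'host,version output'."""
    report = {}
    for line in inventory_lines:
        host, _, version_text = line.partition(",")
        report[host.strip()] = classify(version_text)
    return report


# Constructed sample inventory: hypothetical hosts and version output.
SAMPLE_INVENTORY = [
    "ws-001,Google Chrome 116.0.5845.188",
    "ws-002,Google Chrome 116.0.5845.100",
    "mac-07,Google Chrome 116.0.5845.187",
    "lnx-12,Google Chrome 116.0.5845.99",
    "ws-003,Google Chrome 117.0.0.1",
    "kiosk-4,chrome: command not found",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` returned no parsable version and should be checked by hand rather than counted as safe.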

In addition to keeping your browser up-to-date, you should also use the best antivirus software on your PC, the best Mac antivirus software on your Apple computer, and the best Android antivirus app on your Android smartphone. Using antivirus software along with installing the latest security updates will ensure protection against any cyber attacks.

Once enough users have updated their browsers, more may become known about the exploit for this new Chrome zero-day. To date, this is the fourth zero-day vulnerability that Google has patched in its browser.
