Google has rolled out Chrome version 134.0.6998.177/178 specifically for Windows, while updates for macOS, Linux, and Android remain unannounced. This update addresses a security vulnerability that is reportedly already being exploited by malicious individuals. Consequently, developers of other browsers that utilize Chromium are expected to release their updates soon. Google has categorized the vulnerability as high risk, identifying it as an exploitable bug in Mojo, a set of runtime libraries used for inter-process communication on Windows.
The bug occurs under unspecified conditions. The vulnerability was initially reported to Google on March 20 by Kaspersky security experts Boris Larin and Igor Kuznetsov. Recent indications suggest that the vulnerability has already been leveraged for actual attacks in the wild, likely informed by the analyses of Larin and Kuznetsov alongside their malware investigations. While the exact nature of the attacks remains unclear, it is evident they are targeting Windows computers since the Chrome update has only been released for that platform.
Typically, Chrome updates automatically, but users can also manually initiate the check through the menu under Help > About Google Chrome. A new version, Chrome 135, is expected to be launched within the next week. Following Google’s lead, other Chromium-based browsers such as Brave, Vivaldi, and Microsoft Edge are anticipated to issue their own updates addressing this vulnerability later in the week. However, Opera continues to operate on the outdated Chromium version 132.
This situation underscores the critical need for effective security software on personal computers. Vulnerabilities can arise swiftly, and attackers may exploit them even before developers are aware of the risks.