Particle.news

Google Urges Immediate Update to Chrome 136 to Address Actively Exploited Zero-Day Vulnerability

A critical flaw in the Loader component enabling cross-origin data theft has been patched, but some Chromium-based browsers lag behind in deploying updates.

Overview

  • Google has released emergency updates for Chrome 136 on Windows, macOS, Linux, and Android to fix a zero-day vulnerability actively exploited by attackers.
  • The flaw, caused by a faulty security policy in the Loader component, allowed remote cross-origin data access, posing significant privacy risks.
  • The vulnerability was publicly disclosed by researcher Slonser_ on May 5 without prior notice to Google, bypassing the company's bug bounty process.
  • Brave and Microsoft Edge have already adopted Chromium 136, while Vivaldi's update is imminent; Opera remains on the unsupported Chromium 134, leaving users at risk.
  • Google is withholding details on two other vulnerabilities fixed in the update until a majority of users upgrade or third-party dependencies are patched.