Overview
- Google has released emergency updates for Chrome 136 on Windows, macOS, Linux, and Android to fix a zero-day vulnerability actively exploited by attackers.
- The flaw, caused by a faulty security policy in the Loader component, allowed remote attackers to access cross-origin data, posing significant privacy risks.
- The vulnerability was publicly disclosed by researcher Slonser_ on May 5 without prior notice to Google, bypassing the company's bug bounty process.
- Brave and Microsoft Edge have already adopted Chromium 136, while Vivaldi's update is imminent; Opera remains on the unsupported Chromium 134, leaving users at risk.
- Google is withholding details on two other vulnerabilities fixed in the update until a majority of users upgrade or third-party dependencies are patched.