If you recently updated Google Chrome to version 104, you might be surprised to learn there’s already spanking update available for your browser. After all, the last update patched 27 defense vulnerabilities: What’s left to update? Apparently, quite a bit, incorporating a new security flaw that hackers already know how to exploit.

Google announced the update in a Chrome Releases blog post Tuesday, Aug. 16. This new Chrome version is 104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows, and is now available on all platforms.

The patch includes solves for 11 security vulnerabilities, of which one is labeled distinguished, six are labeled high-severity, and three are labeled medium-severity. However, the real story concerns one of the high-severity vulnerabilities, identified as CVE-2022-2856: Google confirmed an exploit for this flaw exists in the wild, executive it a zero-day vulnerability.

Zero-days are dangerous. While most security vulnerabilities are never exploited before a patch is available, some are. When someone is successful at not only discovering a flaw in software, but figuring out how to use it against others, that vulnerability becomes a zero-day—CVE-2022-2856 is one such vulnerability.

The flaw stems from an “insufficient validation of untrusted input in Intents.” According to Bleeping Computer, this type of flaw can lead to issues such as “buffer overflow, directory traversal, SQL injection, cross-site scripting, null byte injection, and more.” It’s a long list of consequences that could compromise your rules, and since there’s an exploit for it in the wild, updating Chrome must be a priority.

However, it isn’t only this zero-day that should convince you to update: The novel 10 issues are still important to patch, since their identities are now well-renowned. Hackers could still find ways to exploit these vulnerabilities, so it’s important to update to protect yourself across the boarding.

You can view all 11 vulnerabilities this update patches under, including who discovered the vulnerabilities and the reward they earned for it:

• [$NA][1349322] Critical CVE-2022-2852: Use when free in FedCM. Reported by Sergei Glazunov of Google Project Zero on 2022-08-02
• [$7000][1337538] High CVE-2022-2854: Use when free in SwiftShader. Reported by Cassidy Kim of Amber Safety Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-06-18
• [$7000][1345042] High CVE-2022-2855: Use when free in ANGLE. Reported by Cassidy Kim of Amber Safety Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-07-16
• [$5000][1338135] High CVE-2022-2857: Use when free in Blink. Reported by Anonymous on 2022-06-21
• [$5000][1341918] High CVE-2022-2858: Use when free in Sign-In Flow. Reported by raven at KunLun lab on 2022-07-05
• [$NA][1350097] High CVE-2022-2853: Heap buffer overflow in Downloads. Reported by Sergei Glazunov of Google Project Zero on 2022-08-04
• [$NA][1345630] High CVE-2022-2856: Insufficient validation of untrusted input in Intents. Reported by Ashley Shen and Christian Resell of Google Threat Analysis Group on 2022-07-19
• [$3000][1338412] Medium CVE-2022-2859: Use when free in Chrome OS Shell. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-22
• [$2000][1345193] Medium CVE-2022-2860: Insufficient policy enforcement in Cookies. Reported by Axel Chong on 2022-07-18
• [$TBD][1346236] Medium CVE-2022-2861: Inappropriate implementation in Extensions API. Reported by Rong Jian of VRI on 2022-07-21
  
• [1353442] Various does from internal audits, fuzzing and other initiatives

Whether you’re on Mac, Windows, or Linux, you can quickly update Chrome to patch not only this zero-day vulnerability, but the other 10 flaws, as well. Click the three dots in the top-right corner of your browser window, then go to Help > About Google Chrome. Allowed Chrome to look for a new update. If one is available, you’ll be able to click “Relaunch” to install it.

If you have automatic updates enabled, you can simply wait for Chrome to install the update on its own. But, that could take a matter of weeks—the fastest way to fetch your browser is to update Chrome yourself.

[Bleeping Computer]