Google Chrome warning: US cyber defense agency gives users April 17 deadline to update browser or…

Google has issued an urgent update for Chrome on Windows to address a critical zero-day exploit found in the wild. The vulnerability, revealed by Kaspersky, allows malware infection through a malicious email link. The US Cybersecurity and Infrastructure Security Agency (CISA) advises updating immediately or, failing that, discontinuing use of the app by April 17.
Google has released an emergency update for its Chrome browser on Microsoft Windows after a critical zero-day exploit was discovered actively being used in the wild, prompting urgent warnings from cybersecurity experts and government agencies.
The vulnerability, uncovered by cybersecurity firm Kaspersky earlier this month, involves a sophisticated malware attack that can infect users simply by clicking on a malicious email link. Kaspersky warned of a “wave of infections by previously unknown and highly sophisticated malware,” emphasising that “no further action was required to become infected” beyond clicking the initial link.

Google says it is aware of reports that the exploit exists in the wild

According to a Chromium release, Google has updated the stable channel to 134.0.6998.177/.178 for Windows, which will roll out over the coming days/weeks. This update includes 1 security fix, the company added.
Google is, however, keeping the bug details and links restricted until a majority of users are updated with a fix.
“We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” it added.

CISA to Chrome users on Windows: Update or remove app


The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark warning, urging users to update Chrome immediately and, if an update is not feasible by April 17, to "discontinue use of the product," as per Forbes. While this mandate officially applies to federal employees, CISA’s guidance is strongly recommended for all organisations, both public and private, regardless of size.
“Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera,” CISA said.
India's cyber agency Cert-In has also asked users in India to update their browsers, citing the severity as 'Critical'.
"A vulnerability has been reported in Google Chrome which could allow a remote attacker to bypass Google Chrome sandbox protection on the targeted system," Cert-In said.
Meanwhile, Kaspersky said that “this exploit is certainly one of the most interesting we’ve encountered,” noting that it allowed attackers to bypass Chrome's sandbox protection “as if it didn't even exist.”
Mozilla has also issued a warning, acknowledging a similar vulnerability in its Firefox browser. “Following the recent Chrome sandbox escape, various Firefox developers identified a similar pattern in our IPC code,” the company stated.
About the Author
TOI Tech Desk
