Google has released its fourth security update in the past three weeks to its desktop Chrome browser for Windows, Mac, and Linux.
The new version of Chrome and its Chromium open source foundation is listed as 90.0.4430.85 and was released late yesterday (April 20). This version fixes seven security flaws, one of which is a "zero-day" (sort of) flaw that was out in the wild before Google fully patched it.
The vulnerability, which turned out not to be a zero-day flaw, appears to be the same as the one disclosed on Twitter in the middle of last week.
On Windows and Mac, updating Chrome is easy. It updates automatically when the browser starts, so just close the browser and start it again to begin the update. On Linux, you will have to wait for the next update of the distribution.
To confirm that Chrome has been updated, click on the three vertical dots in the upper right corner of the browser window, move the cursor to "Help" and click "About Google Chrome" in the menu that appears.
A new tab will open. It will either show that your browser is up to date or download a newer version.
Google's official Chrome Releases blog generously details five security flaws discovered by outside researchers, aside from two discovered internally. Three of them are problems with the V8 JavaScript engine used in Chromium, including one that was revealed online last week.
One of the flaws has been assigned catalog number CVE-2021-21224 and is described as resulting from "type confusion in V8." Srinivas Sista, the author of the blog post, stated wryly, "Google is aware of reports that the CVE-2021-21224 exploit is out in the wild."
Credit for this discovery (and a yet-to-be-determined bug bounty) goes to Argentine security researcher Jose Martinez of VerSprite Inc., whose hacker handle is "tr0y4."
Another researcher, a Chinese researcher calling himself "frust," posted a link on Twitter on April 14 to code that pops open the Notepad application if a malicious web page is loaded in Chrome on Windows.
Last night, Martinez explained on Twitter that he filed a bug report with Google on April 5.
According to Martinez, Google fixed the problem in its open source V8 engine on April 12 and made the changes public.
The same thing happened with an earlier flaw in V8 that had been disclosed by two European researchers who used it to win $100,000 in a Pwn2Own hacking contest earlier this month.
The Indian researchers observed subsequent changes to V8 and declared their own "zero-day" flaw, which was later retracted. The flaw was fixed on April 13 in Chrome/Chromium version 89.0.4389.128.
A true zero-day flaw is one that the developers of the affected software are unaware of before it becomes public.
These hacks and patches made for a busy month for Chrome and Chromium developers. Below is a list of updates since March 1:
Brave, Microsoft Edge, Opera, Vivaldi, and other well-known browsers are based on Chromium. As of this writing (April 21, 12:45 PM New York time), Brave is still on an older version of Chromium, Vivaldi is two versions behind, and Opera is three versions behind.
Edge uses a slightly different numbering system, but since it has been updated at least once since the last documented security update on April 16, we can presume that Edge is up to date.
Edge and Brave updates are similar to Chrome updates. Click on the settings icon in the upper right corner of the browser window, scroll down and look for something labeled "About" at or near the bottom of the menu. Sometimes "About" is hidden in the "Help" menu.
In Opera and Vivaldi, first click on the browser icon in the upper left corner of the window, scroll down to "Help," and click "About" in the fly-out menu.
As in Chrome, "About" opens a new tab that checks for available updates and installs them.
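For anyone checking more than one machine, the same version check can be scripted. The sketch below is an added example, not Google's tooling: it compares reported version strings against the fixed Chrome/Chromium build 90.0.4430.85 named above, and it assumes strings of the form "Google Chrome 90.0.4430.85"; the host names and inventory lines are constructed sample data.

```python
import re

# Fixed Chrome/Chromium build named in the article.
FIXED = (90, 0, 4430, 85)

# Constructed sample inventory: (host, reported browser version string).
SAMPLE_INVENTORY = [
    ("ws-01", "Google Chrome 90.0.4430.85"),
    ("ws-02", "Google Chrome 90.0.4430.72"),
    ("ws-03", "Chromium 89.0.4389.128"),
    ("ws-04", "Google Chrome 90.0.4430.212"),
    ("ws-05", "Microsoft Edge 90.0.818.42"),
    ("ws-06", "Google Chrome"),
]

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_line, fixed=FIXED):
    """Return 'patched', 'outdated' or 'unknown' for one version string."""
    version = parse_version(version_line)
    if version is None:
        return "unknown"
    # Edge and other Chromium-based browsers use their own numbering, so only
    # Chrome/Chromium strings are compared directly; the rest need a manual check.
    if not re.match(r"(Google Chrome|Chromium)\b", version_line):
        return "unknown"
    # Tuple comparison is numeric per field: build 212 is newer than build 85,
    # which a plain string comparison would get wrong.
    return "patched" if version >= fixed else "outdated"


def audit(inventory):
    """Map each host to its patch status."""
    return {host: classify(line) for host, line in inventory}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" are the ones to check by hand through the browser's "About" page.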