Last week, news made the rounds about a new Google Chrome zero-day bug. Essentially, there is potential for executable code to be injected into your browser. Google Chrome received a patch last week to address this, but Chromebooks had to wait until yesterday. That’s when a Chrome OS 99 Stable Channel update became available. My Chromebook got the Google Chrome update last week though, showing the benefits of the Lacros browser.
How did I get my Chromebook browser patched last week? It’s because I’m not using the Chrome browser on my device. Or at least not the Chrome browser that has been integrated as part of Chrome OS for a decade.
For testing, I switched over to the Lacros browser full-time. Technically Lacros is Google Chrome, but it’s not the Chrome OS version of Chrome if that makes sense. Instead, it’s the Linux version of Chrome running on my Chromebook. And if you aren’t aware, Lacros is going to become the default browser on all Chromebooks.
The recent Google Chrome zero-day bug actually illustrates a key benefit of this approach.
Since Google can quickly patch Chrome for Linux, Mac, and Windows and then push just a small browser update to those platforms, it can implement fixes fast. With Lacros, which again is Google Chrome for Linux, I got my security update as all of the other traditional computer platforms last week. Nearly all Chromebook users are just getting it now.
I realize a few days is simply that: A few days. But when it comes to High or Severe browser exploits, you want a fix as quickly as possible. This particular issue, CVE-2022-1096, is ranked as High and even worse, Google says it “is aware that an exploit for CVE-2022-1096 exists in the wild.
I’m not sharing all of this to scare you, or to say “ha ha, my Chromebook got an update before yours did!” Nor am I suggesting you switch over to test Lacros on a primary device right now.
I’m simply trying to illustrate, using a real-world, current example of what the benefit of Lacros on a Chromebook is. Some readers have reached out saying they’re not fans of switching to the Linux version of Google Chrome.
I get that. Change is challenging.
However, I can say that other than the browser icon and a few features not quite ready yet, Lacros is nearly identical to Chrome on a Chromebook. And instead of waiting for a Chrome OS update to get browser patches, you’ll get them at the same time most other Google Chrome users do.
10 thoughts on “Google Chrome zero-day bug update shows the benefit of Lacros on a Chromebook”
Definitely a benefit, but I’m still more concerned about updates causing other issues such as the one last year that stopped people logging in at all. Other than security I’d much prefer slower and better tested updates. Hardly any new features have ever come that I’m in a rush for. It’s also another benefit of proper PWA / Cloud computing, issues are rarely my end.
Honestly what new features are people in a rush for? that really matter??!?!
Resistance is futile.
Resistance is futile.
How about options to change default browser in chrome os when Lacros emerges. Maybe this is all about that and EU law etc.
thanks a ton for writing about this. I use chrome dev on my Chromebook which for reasons unknown stopped working. opera works fine, but all goog chrome browsers seem to have called it quits. downloaded the lacros and all is back to normal!
The phrase “zero-day bug” should be a strong motivator to update as early as possible.
In addition to Chrome, I am running MS Edge on my Chromebase.
My understanding is that it has the same vulnerability.
So I updated straight away. Now at Version 100.0.1185.23 (Official build) beta (64-bit)
This link was helpful in getting it done:
It would have the same vulnerability indeed. Edge is based on Chromium, which is of course, what Chrome is built from. Any Chromium-based browser would have this issue, including Brave, Opera, and others. So update ’em if you use ’em!
Yes, I would be interested in more Google Chrome Browser news. I have 1 pixelbook and 1 chromebook that hit end of life updates in June and would like to separate the browser out as you have done so that I can continue to receive browser updates even if the Chrome OS stops updating… On a related note, I’d really like to know what I should do in advance of the June end of life to have the Chrome laptops in their best configuration. For instance, should I update the linux system? Should I decouple the browser, etc?
I was trying to use Lacros, but there was a weird bug with typing where I had to type each letter twice. And god forbid I backspace, or all hell broke loose. So I switched back to Ash for now. However, I have a lot of experimental flags on, and use the Dev channel for both ChromeOS -and- Lacros. I think I was just too lazy to test and restart until I figured out what exactly caused the problem. But after reading this and the other comments, I think maybe I’ll try the stable channel of Lacros and leave most flags on default. I have a feeling that problem will disapear. It was rather weird tho.
I haven’t seen any of that weirdness, but I suspect our configurations are different as you noted by your enabled flags. Let me know if that fixes the problem. I’m curious since Lacros has been rock solid for me so far with the latest Chrome OS Dev Channel(s).