Google Patches Third Actively Exploited Chrome Zero-Day of 2022

pcmag.com:

Google has patched for another zero-day vulnerability in the Chrome browser.

The company released Chrome version 100.0.4896.127 for Windows, Mac, and Linux on April 14 to address the vulnerability identified as CVE-2022-1364. The company has disclosed two other zero-days, CVE-2022-0609 and CVE-2022-1096, since the start of the year.

Google didn't offer many details about CVE-2022-1364. The company says it's a type confusion vulnerability in the V8 engine used by Chrome and the Chromium project upon which it's based that was reported by Clément Lecigne from its own Threat Analysis Group sometime in 2022.

That means other browsers that are based on the Chromium project, including Microsoft Edge and Vivaldi, are also affected by CVE-2022-1364. Microsoft and Vivaldi both acknowledged the vulnerability and said they've updated their browsers to the patched version of Chromium.

Google says it's "aware that an exploit for CVE-2022-1364 exists in the wild." It said the same thing about the zero-day vulnerabilities revealed earlier this year, too, one of which it eventually revealed was exploited by two North Korean hacking groups targeting organizations in the US.

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

Your subscription has been confirmed. Keep an eye on your inbox!