Google Patches This Year's Second Actively Exploited Chrome Zero-Day

pcmag.com:

Google has updated Chrome to address the second actively exploited zero-day vulnerability, which the company has identified as CVE-2022-1096, discovered in the browser this year.

The first Chrome zero-day of 2022 was discovered in February. That flaw, CVE-2022-0609, was later revealed to have been exploited by two state-sponsored North Korean hacking groups looking to compromise numerous targets across various industries within the US.

Now a second actively exploited Chrome zero-day has been discovered. Google hasn't revealed much about the vulnerability at time of writing; the company merely says that it's a High severity type confusion flaw that was found in the V8 open source JavaScript and WebAssembly engine.

Other information about the vulnerability—including who reported it, how much they'll earn via Google's bug bounty program, or how it can be exploited—hasn't been revealed. Google does say that it's "aware that an exploit for CVE-2022-1096 exists in the wild," however.

Google says it's released a patch for CVE-2022-1096 with Chrome version 99.0.4844.84 for Windows, Mac, and Linux and that the release will "roll out over the coming days/weeks." But the browser's users can also update manually if they don't want to wait for the automatic update.

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

Your subscription has been confirmed. Keep an eye on your inbox!