Chrome emergency update fixes actively exploited a zero-day bug

2 years ago 144
BOOK THIS SPACE FOR AD
ARTICLE AD

Google addresses an actively exploited zero-day flaw with the release of Chrome 99.0.4844.84 for Windows, Mac, and Linux.

Google fixed an actively exploited high-severity zero-day vulnerability with the release of Chrome 99.0.4844.84 for Windows, Mac, and Linux.

Google has released Chrome 99.0.4844.84 for Windows, Mac, and Linux users to address a high-severity zero-day bug, tracked as CVE-2022-1096, exploited in the wild.

The CVE-2022-1096 vulnerability is a Type Confusion in V8 JavaScript engine, the bug was reported by an anonymous on 2022-03-23.

“The Stable channel has been updated to 99.0.4844.84 for Windows, Mac and Linux which will roll out over the coming days/weeks.” reads the security advisory published by Google.

“Google is aware that an exploit for CVE-2022-1096 exists in the wild.”

At this time, Google has yet to publish technical details about the flaw ether how it was exploited by threat actors in the wild.

Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.” continues the advisory.

CVE-2022-0609 is the second zero-day vulnerability addressed by the IT giant this year in Chrome. In February Google fixed a high-severity zero-day flaw, tracked as CVE-2022-0609, which was actively exploited. Google released a Chrome emergency update for Windows, Mac, and Linux to fix the CVE-2022-0609 bug.

The CVE-2022-0609 zero-day is a use after free issue that resides in Animation, the bug was reported by Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group.

The flaw was exploited by North Korea-linked threat actors since January 4, 2022.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Chrome)

Read Entire Article