Google launched this year’s second actively exploited Chrome Zero-Day. patched

Google has updated Chrome to address the second actively exploited zero-day vulnerability, which the company has identified as CVE-2022-1096, that was discovered in the browser this year.

The first chrome zero-day of 2022 was discovered in February. That flaw, CVE-2022-0609, was later revealed to be two state-sponsored North Korean hacking groups trying to compromise multiple targets in different industries within the US.

Now a second actively exploited Chrome Zero-Day has been discovered. Google has not disclosed much about the vulnerability at the time of writing; The company only says that this is a high severity type confusion flaw that was found in the V8 open source JavaScript and WebAssembly engines.

Other information about the vulnerability – including how it is reported, how much they will earn through Google’s bug bounty program, or how it might be exploited – has not been disclosed. Google says it “knows that an exploit for CVE-2022-1096 exists in the wild,” however.

Google says it has released a patch for CVE-2022-1096 with Chrome version 99.0.4844.84 for Windows, Mac, and Linux and that the release will “roll out in the coming days/weeks.” But users of the browser can also update manually if they don’t want to wait for automatic updates.

Leave a Reply

Your email address will not be published.