Google has updated Chrome to address the second actively exploited zero-day vulnerability, which the company has identified as CVE-2022-1096, that was discovered in the browser this year.
The first chrome zero-day of 2022 was discovered in February. That flaw, CVE-2022-0609, was later revealed to be two state-sponsored North Korean hacking groups trying to compromise multiple targets in different industries within the US.
Now a second actively exploited Chrome Zero-Day has been discovered. Google has not disclosed much about the vulnerability at the time of writing; The company only says that this is a high severity type confusion flaw that was found in the V8 open source JavaScript and WebAssembly engines.
Other information about the vulnerability – including how it is reported, how much they will earn through Google’s bug bounty program, or how it might be exploited – has not been disclosed. Google says it “knows that an exploit for CVE-2022-1096 exists in the wild,” however.
Google says it has released a patch for CVE-2022-1096 with Chrome version 99.0.4844.84 for Windows, Mac, and Linux and that the release will “roll out in the coming days/weeks.” But users of the browser can also update manually if they don’t want to wait for automatic updates.