October 3, 2022

TheCyberThrone

Thinking Security ! Always

Google Fixes Chrome ZeroDay

Google has released Chrome 99.0.4844.84 for Windows, Mac, and Linux users to address a high severity zero day bug, tracked CVE-2022-1096, exploited in the wild.

The CVE-2022-1096 vulnerability is a Type Confusion in V8 JavaScript engine, the bug was reported by an anonymous on 2022-03-23.

Advertisements

The Stable channel has been updated to 99.0.4844.84 for Windows, Mac and Linux which will roll out over the coming days/weeks. Google is aware that an exploit for CVE-2022-1096 exists in the wild.

Google has yet to publish technical details about the flaw ether how it was exploited by threat actors in the wild.

Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

CVE-2022-0609 is the second zero-day vulnerability addressed by the IT giant this year in Chrome. In February Google fixed a high-severity zero-day flaw, tracked as CVE-2022-0609, which was actively exploited. Google released a Chrome emergency update for Windows, Mac, and Linux to fix the CVE-2022-0609 bug.

Advertisements

The CVE-2022-0609 zero-day is a use after free issue that resides in Animation, the bug was reported by Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group.

The flaw was exploited by North Korea-linked threat actors since January 4, 2022.

%d bloggers like this: