Scroll Top
19th Ave New York, NY 95822, USA
+1 916-875-223-5968
Join Now

Google fixes Chrome zero-day used in attacks

chrome-min
April 15, 2022

Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability actively used by threat actors in attacks.

“Google is aware that an exploit for CVE-2022-1364 exists in the wild,” Google said in a security advisory released today.

While Google states that this Chrome update will roll out in the next few weeks, users can receive it immediately by going into the Chrome menu > Help About Google Chrome.

The browser will also automatically check for new updates and install them the next time you close and relaunch Google Chrome.

As this bug is actively exploited in attacks, it is strongly advised that you perform a manual check for new updates and relaunch the browser to apply them.

Few details disclosed

The zero-day bug fixed today is tracked as CVE-2022-1364 and is a high severity type confusion weakness in the Chrome V8 JavaScript engine.

While type confusion flaws generally lead to browser crashes following successful exploitation by reading or writing memory out of buffer bounds, attackers can also exploit them to execute arbitrary code.

This vulnerability was discovered by Clément Lecigne from Google’s Threat Analysis Group who reported it to the Google Chrome team yesterday.

While Google said they have detected attacks exploiting this zero-day, it did not provide further details regarding how these attacks are conducted.

Chrome zero-day

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google added.

This is the only vulnerability disclosed in this update, indicating that Chrome 100.0.4896.127 was pushed out as an emergency update to resolve this issue.

Third Chome zero-day fixed this year

With this update, Google has addressed the third Chrome zero-day since the start of 2022.

The previous two vulnerabilities found in 2022 are listed below.

  • CVE-2022-1096 – March 25th
  • CVE-2022-0609 – February 14th

As this zero-day is known to be used in attacks, it is strongly advised to update Google Chrome as soon as possible.

Source: www.bleepingcomputer.com

Related Posts

Microsoft warns of widespread Chromeloader malware attacks

VMware and Microsoft are warning of an ongoing, widespread Chromeloader malware campaign that has evolved into a more dangerous threat,…

20 Sep 2022
WPGateway WordPress plugin: Zero-day bug exploited in attacks

The Wordfence Threat Intelligence team warned today that WordPress sites are actively targeted with exploits targeting a zero-day vulnerability in…

14 Sep 2022
Microsoft: Mitigation measures for Office zero-day exploited in attacks

Microsoft has shared mitigation measures to block attacks exploiting a newly discovered Microsoft Office zero-day flaw abused in the wild…

31 May 2022
Apple fixes new zero-day bug used to hack iPhones and Macs

Apple has released security updates to address the eighth zero-day vulnerability used in attacks against iPhones and Macs since the…

13 Sep 2022
Gmail is getting client-side encryption on the web in beta

Google Workspace apps are rated among the best productivity tools in the business. The suite covers a broad range of services, such…

19 Dec 2022
Google Chrome extensions could be fingerprinted to track users online

A researcher has created a website that uses your installed Google Chrome extensions to generate a fingerprint of your device…

21 Jun 2022
Spyware vendor Candiru used Chrome zero-day to infect journalists

The Israeli spyware vendor Candiru was found using a zero-day vulnerability in Google Chrome to spy on journalists and other…

22 Jul 2022
Google Chrome update fixes new zero-day

Google has released Chrome 105.0.5195.102 for Windows, Mac, and Linux users to address a single high-severity security flaw, the sixth…

05 Sep 2022
CISA: Adobe ColdFusion bug exploited as a zero-day

CISA has added a critical vulnerability impacting Adobe ColdFusion versions 2021 and 2018 to its catalog of security bugs exploited…

16 Mar 2023
Apple fixes zero-day used in attacks against iPhones

In security updates released on Monday, Apple has fixed the ninth zero-day vulnerability used in attacks against iPhones since the…

25 Oct 2022
Google Gmail client-side encryption is now generally available

Gmail client-side encryption (CSE) is now generally available for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers. The…

01 Mar 2023
Windows Mark of the Web: Zero-day bug gets unofficial patch

A free unofficial patch has been released through the 0patch platform to address an actively exploited zero-day flaw in the…

18 Oct 2022
Cybercriminals mostly targeted Google, Microsoft, Apple zero-day bugs in 2022

Hackers continue to target zero-day vulnerabilities in malicious campaigns, with researchers reporting that 55 zero-days were actively exploited in 2022,…

21 Mar 2023
Scammers sell Fake Microsoft Exchange ProxyNotShell exploits on GitHub

Scammers are impersonating security researchers to sell fake proof-of-concept ProxyNotShell exploits for newly discovered Microsoft Exchange zero-day vulnerabilities. Last week, Vietnamese…

04 Oct 2022
Windows zero-day bug giving admin rights, gets unofficial patch

A Windows local privilege escalation zero-day vulnerability that Microsoft has failed to fully address for several months now, allows users…

22 Mar 2022