One of the two security vulnerabilities identified in the Google Chrome web browser was reportedly being actively exploited in the wild.
On Thursday, Google released emergency fixes for the Chrome browser to address two security vulnerabilities. The newly released Google Chrome stable model 100..4896.127 is available for Home Windows, Linux, and macOS. The update was released with several improvements and bug fixes to ensure the browser was safe.
The most significant development is that the updated Chrome addressed the critical zero-day flaw tracked as CVE-2022-1096 that was being actively exploited in the wild. More details about the flaw will be disclosed after a vast majority of the users have access to the update.
Details of the Flaw
Google described CVE-2022-1364 as a high-severity bug that emerged from type confusion in the V8 JavaScript engine. Google’s Threat Analysis Group’s Clément Lecigne reported this flaw on April 13, 2022. As is generally noted with actively exploited zero-days, an exploit for this flaw already exists in the wild. Hence, the tech giant withheld many details of the flaw to prevent further abuse.
With Chrome’s latest update, Google fixed three zero-day flaws since the beginning of 2022, while the latest is the second Type Confusion bug in V8 addressed within a month. The previously fixed zero-day flaws include CVE-2022-0609 and CVE-2022-1096.
