Google Chrome Emergency Update Fixes Zero-Day Used in Attack


Google announced the release of Chrome 100.0.4896.127 for Windows, Mac, and Linux, fixing a high-severity zero-day vulnerability that attackers are actively exploiting.

https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html

We are aware of the CVE-2022-1364 exploit on the loose

Users can receive updates immediately by visiting the Chrome menu > Help > About Google Chrome.

Because this vulnerability is actively used in attacks, Google strongly recommends that end users manually check for new updates and restart their browser to apply them.

The fixed zero-day bug is tracked as CVE-2022-1364 and is a high-severity type confusion weakness in the Chrome V8 JavaScript engine.

In general, a type confusion vulnerability can be exploited to read or write memory outside of buffer boundaries, which causes a browser crash, but an attacker can also exploit it to execute arbitrary code.

This vulnerability was discovered by Clément Lecigne of Google’s Threat Analysis Group and reported to the Google Chrome team.

Google says it has detected attacks that exploit this zero-day, but does not provide details on how these attacks are carried out.

Release of bug details may remain limited until the majority of users are updated with a fix.

This is the only vulnerability disclosed in this update, indicating that Chrome 100.0.4896.127 has been pushed as an emergency update to resolve this issue.
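For administrators who need to confirm the update across many machines rather than one About page at a time, the following added example (not from Google or the original article) flags installs older than 100.0.4896.127. The host names and inventory lines are constructed, and it assumes builds numbered above the fixed one also carry the fix.

```python
import re

# Fixed build named in the article for Windows, Mac, and Linux.
FIXED = (100, 0, 4896, 127)

# Matches a four-part Chrome version anywhere in a line, e.g. the
# "Google Chrome 100.0.4896.88" string shown on the About page.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Return 'patched', 'vulnerable', or 'unknown' for one version string."""
    v = parse_version(text)
    if v is None:
        return "unknown"  # never assume an unparsable host is safe
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank "100.0.4896.88" above "100.0.4896.127" and "99" above "100".
    return "patched" if v >= FIXED else "vulnerable"


def audit(inventory):
    """Map host -> status for 'host,version string' lines."""
    report = {}
    for line in inventory.strip().splitlines():
        host, _, version_text = line.partition(",")
        report[host.strip()] = classify(version_text)
    return report


# Constructed sample inventory (hypothetical hosts, not from the article).
SAMPLE = """
ws-001,Google Chrome 100.0.4896.127
ws-002,Google Chrome 100.0.4896.88
ws-003,Google Chrome 99.0.4844.84
ws-004,Google Chrome 101.0.4951.41
ws-005,not installed
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check, since a missing version string says nothing about whether the browser is patched.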
