Security News > 2022 > February > Chrome Zero-Day Under Active Attack: Patch ASAP
Google on Monday issued 11 security fixes for its Chrome browser, including a high-severity zero-day bug that's actively being jumped on by attackers in the wild.
To fix the Animation problem, along with 10 other security issues, Google released Chrome 98.0.4758.102 for Windows, Mac, and Linux, due to roll out over coming days or weeks.
Chrome users can fix it straight away by going into the Chrome menu > Help > About Google Chrome.
Given that the zero day is under active attack, updating Chrome should be done ASAP. Credit for the Animation zero day goes to Adam Weidemann and Clément Lecigne, both from Google's Threat Analysis Group.
Finally, Google patched a medium-severity issue with inappropriate implementation in Gamepad API. This is Chrome's first zero day of the year, and more are sure to follow.
CVE-2021-21224 - April 20, an issue with type confusion in V8 in Google Chrome that could have allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
News URL
https://threatpost.com/google-chrome-zero-day-under-attack/178428/
Related news
- Chrome to patch decades-old flaw that let sites peek at your history (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- Old Fortinet flaws under attack with new method its patch didn't prevent (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)
- Cookie-Bite attack PoC uses Chrome extension to steal session tokens (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-26 | CVE-2021-21224 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |