Security News > 2022 > March > Emergency Google Chrome update fixes zero-day used in attacks

Google has released Chrome 99.0.4844.84 for Windows, Mac, and Linux users to address a high-severity zero-day bug exploited in the wild.
This update was available immediately when BleepingComputer checked for new updates by going into Chrome menu > Help > About Google Chrome.
Even though Google said it detected attacks exploiting this zero-day in the wild, the company did not share technical details or additional info regarding these incidents.
Google Chrome users should have enough time to upgrade Chrome and prevent exploitation attempts until the browser vendor releases more info.
With this update, Google addressed the second Chrome zero-day since the start of 2022, the other one patched last month.
The Google Threat Analysis Group revealed that North Korean-backed state hackers exploited the CVE-2022-0609 zero-day weeks before the February patch.
News URL
Related news
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Google fixes Android zero-day exploited by Serbian authorities (source)
- Broadcom fixes three VMware zero-days exploited in attacks (source)
- Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers (source)
- Malicious Chrome extensions can spoof password managers in new attack (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-05 | CVE-2022-0609 | Use After Free vulnerability in Google Chrome Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |