Security News > 2022 > March > Emergency Google Chrome update fixes zero-day used in attacks
Google has released Chrome 99.0.4844.84 for Windows, Mac, and Linux users to address a high-severity zero-day bug exploited in the wild.
This update was available immediately when BleepingComputer checked for new updates by going into Chrome menu > Help > About Google Chrome.
Even though Google said it detected attacks exploiting this zero-day in the wild, the company did not share technical details or additional info regarding these incidents.
Google Chrome users should have enough time to upgrade Chrome and prevent exploitation attempts until the browser vendor releases more info.
With this update, Google addressed the second Chrome zero-day since the start of 2022, the other one patched last month.
The Google Threat Analysis Group revealed that North Korean-backed state hackers exploited the CVE-2022-0609 zero-day weeks before the February patch.
News URL
Related news
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (source)
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-05 | CVE-2022-0609 | Use After Free vulnerability in Google Chrome Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |