
Google Chrome patches mysterious new zero-day bug – update now
2022-03-28 18:18

The last time we reported on a Chrome zero-day flaw was back in February 2022.

Anyway, back in February 2022, none of the bugs listed by Google got a truly dangerous rating of "Critical", but one of them, dubbed CVE-2022-0609, was nevertheless accompanied by the admittedly rather vague words: "Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild."

Well, March 2022 has brought us another Chrome exploit listed with the dreaded words, "Google is aware of reports that an exploit for CVE-2022-1096 exists in the wild."

CVE-2022-1096 is the only security fix listed in the 2022-03-25 Chrome update advisory, which announces the release of Chrome version 99.0.4844.84.

As you'll see if you read Google's report on the CVE-2022-0609 zero-day mentioned above, details such as who's using a known exploit, where they're using it, what they're using it for, and how reliably the exploit works in real life, can be hard to figure out, especially if the attackers guard the exploit carefully.

If Chrome hasn't already fetched the latest version for you automatically, go to DotDotDot in the top right, then use Help and About to access the update dialog: you want 99.0.4844.84 or later.
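For checking many machines rather than one About dialog, the added example below (not part of the original article) compares reported Chrome versions against the two fixed versions named on this page. It parses versions as integers, because plain text comparison misorders values such as 99.0.4844.9 and 100.x; the host names and inventory values are constructed, and it assumes a later release line contains the earlier fixes.

```python
# Added example: map Chrome version strings to the fixes named on this page.
import re

# "Fixed in" versions taken from the page's advisory text and CVE table.
FIXED_IN = {
    "CVE-2022-0609": "98.0.4758.102",
    "CVE-2022-1096": "99.0.4844.84",
}

_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(text):
    """Turn 'MAJOR.MINOR.BUILD.PATCH' into a tuple of ints for comparison."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def unpatched_cves(installed):
    """Return the CVEs (sorted) whose fixed version is newer than `installed`."""
    current = parse_version(installed)
    return sorted(cve for cve, fixed in FIXED_IN.items()
                  if current < parse_version(fixed))


def audit(inventory):
    """Map each host to its missing fixes; unparseable versions are flagged."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = unpatched_cves(version)
        except ValueError:
            report[host] = ["UNKNOWN-VERSION"]
    return report


# Constructed inventory (hypothetical host names and version strings).
SAMPLE_INVENTORY = {
    "laptop-01": "99.0.4844.84",
    "laptop-02": "99.0.4844.9",    # text compare would rank this above .84
    "kiosk-07": "98.0.4758.80",    # text compare would rank this above .102
    "build-03": "100.0.4896.60",   # text compare would rank 100 below 99
    "legacy-11": "unknown",
}

if __name__ == "__main__":
    for host, missing in audit(SAMPLE_INVENTORY).items():
        print(f"{host:10} {'OK' if not missing else ', '.join(missing)}")
```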


News URL

https://nakedsecurity.sophos.com/2022/03/28/google-chrome-patches-mysterious-new-zero-day-bug-update-now/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-23 | CVE-2022-1096 | Type Confusion vulnerability in Google Chrome. Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (network; low complexity; google; CWE-843) | 8.8 |
| 2022-04-05 | CVE-2022-0609 | Use After Free vulnerability in Google Chrome. Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (network; low complexity; google; CWE-416) | 8.8 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 253 4216 4506 727 9702