Security News > 2022 > March > Google Chrome patches mysterious new zero-day bug – update now
Last time we reported on a Chrome zero-day flaw was back in February 2022.
Anyway, back in February 2022, none of the bugs listed by Goole got a truly dangerous rating of "Critical", but one of them, dubbed CVE-2022-0609, was nevertheless accompanied by the admittedly rather vague words: "Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild."
Well, March 2022 has brought us another Chrome exploit listed with the dreaded words, "Google is aware of reports that an exploit for CVE-2022-1096 exists in the wild."
CVE-2022-1096 is the only security fix listed in the 2022-03-25 Chrome update advisory, which announces the release of Chrome version 99.0.4844.84.
As you'll see if you read Google's report on the CVE-2022-0609 zero-day mentioned above, details such as who's using a known exploit, where they're using it, what they're using it for, and how reliably the exploit works in real life, can be hard to figure out, especially if the attackers guard the exploit carefully.
If Chrome hasn't already fetched the latest version for you automatically, go to DotDotDot in the top right, then use Help and About to access the update dialog: you want 99.0.4844.84 or later.
News URL
Related news
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- Google Chrome gets a mind of its own for some security fixes (source)
- Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense (source)
- New Google Chrome feature will translate complex pages in real time (source)
- New Octo Android malware version impersonates NordVPN, Google Chrome (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)
- New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971) (source)
- Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-23 | CVE-2022-1096 | Type Confusion vulnerability in Google Chrome Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2022-04-05 | CVE-2022-0609 | Use After Free vulnerability in Google Chrome Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |