Google Chrome emergency update fixes zero-day used in attacks

Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability actively used by threat actors in attacks.
"Google is aware that an exploit for CVE-2022-1364 exists in the wild," Google said in a security advisory released today.
While Google states that this Chrome update will roll out in the next few weeks, users can receive it immediately by going into the Chrome menu > Help > About Google Chrome.
The browser will also automatically check for new updates and install them the next time you close and relaunch Google Chrome.
While Google said it has detected attacks exploiting this zero-day, it did not provide further details on how these attacks are conducted.
As this zero-day is known to be used in attacks, it is strongly advised to update Google Chrome as soon as possible.
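To confirm which machines still need the update, the following added example (not part of the original article) flags any reported Chrome build older than 100.0.4896.127. The host names, the sample version strings and the dictionary-shaped inventory are constructed assumptions; the comparison is numeric per component because Chrome 100 is the first three-digit major version and a plain string comparison misorders it against 99.x.

```python
import re

# Fixed build named in the article; builds below it are affected by CVE-2022-1364.
FIXED_BUILD = (100, 0, 4896, 127)

# Matches the four-part build number in strings such as
# "Google Chrome 100.0.4896.127" or a bare "99.0.4844.84".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_build(text):
    """Return the build as a tuple of ints, or None if no build number is found."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def needs_update(text, fixed=FIXED_BUILD):
    """True if the reported build is older than the fixed build.

    Comparison is numeric per component: a plain string comparison would
    rank "99.0.4844.84" above "100.0.4896.127".
    Unparseable input returns True so the host is reviewed, not skipped.
    """
    build = parse_build(text)
    return build is None or build < fixed


def audit(inventory):
    """Return the sorted host names whose reported Chrome build needs updating."""
    return sorted(host for host, reported in inventory.items() if needs_update(reported))


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 100.0.4896.127",
    "ws-02": "Google Chrome 100.0.4896.88",
    "ws-03": "Google Chrome 99.0.4844.84",
    "ws-04": "Google Chrome 101.0.4951.41",
    "ws-05": "version unknown",
}

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(f"{host}: update required ({SAMPLE_INVENTORY[host]})")
```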
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-26 | CVE-2022-1364 | Type Confusion vulnerability in Google Chrome. Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |