Security News

Google is issuing fixes for two vulnerabilities in its Chrome web browser, including one flaw that is already being exploited in the wild. The emergency updates the company issued this week impact the almost 3 billion users of its Chrome browser as well as those using other Chromium-based browsers, such as Microsoft Edge, Brave and Vivaldi.

Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability actively used by threat actors in attacks. "Google is aware that an exploit for CVE-2022-1364 exists in the wild," Google said in a security advisory released today.

North Korean hackers have been exploiting a zero-day in Chrome. The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups.

Google has updated its Stable channel for the desktop version of Chrome, to address a zero-day security vulnerability that's being actively exploited in the wild. The bug, tracked as CVE-2022-1096, is a type-confusion issue in the V8 JavaScript engine, which is an open-source engine used by Chrome and Chromium-based web browsers.

Threat actors from North Korea have been exploiting a vulnerability in Google Chrome to target certain users with remote code, particularly news outlets, software vendors and fintechs in the United States. On Feb. 10, Google's TAG team discovered two distinct threat actors using that vulnerability to target U.S.-based organizations spanning news media, IT, cryptocurrency and fintech industries.

Google has released Chrome 100 today, March 29th, 2022, to the Stable desktop channel, and it includes a new logo, security improvements, development features, and more. Today, Google promoted Chrome 100 to the Stable channel, Chrome 101 as the new Beta version, and Chrome 102 will be the Canary version.

The U.S. Cybersecurity and Infrastructure Security Agency has ordered federal civilian agencies to patch a Google Chome zero-day and a critical Redis vulnerability actively exploited in the wild within the next three weeks. The Muhstik malware gang has added a dedicated spreader exploit for the Redis Lua sandbox escape vulnerability after a proof-of-concept exploit was publicly released on March 10th. According to a binding operational directive issued in November, Federal Civilian Executive Branch Agencies agencies must secure their systems against these vulnerabilities, with CISA giving them until April 18th to patch.

Google Chrome and Microsoft Edge have been updated to patch a security flaw an exploit for which is said to be in the wild. Chromium is at the heart of Google Chrome as well as Microsoft Edge.

Last time we reported on a Chrome zero-day flaw was back in February 2022. Anyway, back in February 2022, none of the bugs listed by Goole got a truly dangerous rating of "Critical", but one of them, dubbed CVE-2022-0609, was nevertheless accompanied by the admittedly rather vague words: "Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild."

Google on Friday shipped an out-of-band security update to address a high severity vulnerability in its Chrome browser that it said is being actively exploited in the wild. Tracked as CVE-2022-1096, the zero-day flaw relates to a type confusion vulnerability in the V8 JavaScript engine.