A high-severity vulnerability in Google’s Chrome browser has been addressed with an urgent security fix.
This year’s second zero-day vulnerability, CVE-2022-1096, is related to a type misunderstanding vulnerability in V8 JavaScript, which was discovered by an anonymous researcher on March 23rd.
The IT giant has recognized that “an exploit CVE-2022-1096 exists in the open,” but has declined to provide further specifics about the bug access to prevent further exploitation until the majority of users have patched the fix.
Two state-sponsored North Korean hacker groups used the alleged browser bug to attack U.S.-based firms in the news media, IT, crypto, and finance industries, according to Google’s Threat Analysis Group (TAG).
Following the February 14 fix for CVE-2022-0609, which leveraged an after-free vulnerability in the Animation component, CVE-2022-1096 is the second zero-day issue addressed by Google in Chrome browser. On February 10th, Google’s TAG’s Adam Weidemann and Clément Lecigne reported on it.
Users of Google Chrome should update to version 99.0.4844.84 for Windows, Mac, and Linux. Microsoft Edge, Opera, and Vivaldi are among the Chromium-based browsers that should be patched as soon as the update is available.