Google on Thursday shipped emergency patches to address two
security issues in its Chrome web browser, one of which it says is
being actively exploited in the wild.
Tracked as CVE-2022-1364[1], the tech giant
described the high-severity bug as a case of type confusion in the
V8 JavaScript engine. Clément Lecigne of Google’s Threat Analysis
Group has been credited with reporting the flaw on April 13,
2022.
As is typically the case with actively exploited zero-day flaws,
the company acknowledged it’s “aware that an exploit for
CVE-2022-1364 exists in the wild.” Additional details about the
flaw and the identity of the threat actors have been withheld to
prevent further abuse.
With the latest fix, Google has patched a total of three
zero-day vulnerabilities in Chrome since the start of the year.
It’s also the second type confusion-related bug in V8 to be
squashed in less than a month –
Users are recommended to update to version 100.0.4896.127 for
Windows, Mac and Linux to thwart potential threats. Users of
Chromium-based browsers such as Microsoft Edge, Brave, Opera, and
Vivaldi are also advised to apply the fixes as and when they become
available.
References
- ^
CVE-2022-1364
(chromereleases.googleblog.com)
Read more https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html