Google has issued an urgent security patch to address a high-severity vulnerability in their Chrome browser.
Identified as CVE-2022-1096, this year’s second zero-day vulnerability relates to a type confusion vulnerability in the V8 JavaScript reported by an anonymous researcher on March 23rd.
The tech giant has acknowledged that they’re aware of “an exploit CVE-2022-1096 exists in the wild,” not mentioning additional details to bug access to prevent further exploitation until most users patched the fix.
Google’s Threat Analysis Group (TAG) revealed earlier this week that the said browser flaw has been exploited by two state-sponsored North Korean hacking groups to strike U.S. based organizations composing news media, IT, crypto, and fintech industries.
CVE-2022-1096 is the second zero-day vulnerability address by Google in Chrome browser following the CVE-2022-0609 patched in February 14 that used an after-free vulnerability in Animation component. Reported by Adam Weidemann and Clément Lecigne of Google’s TAG on February 10th.
Google Chrome users are urged to update to its latest version 99.0.4844.84 for Windows, Mac, and Linux. Chromium-based browsers such as Microsoft Edge, Opera, and Vivaldi are also advised to patch the fixes as soon as the update becomes available.
Hi is my chrome is at risk? What will i do? Thanks