Google has released Chrome 100.0.4896.127 for Windows, Mac and Linux, to improve the vulnerability of the Zero-day high severity which is actively used by threat actors in attacks.
“Google realizes that the exploitation for CVE-2022-1364 is in the wild,” Google said in a security advisor released today.
While Google states that this Chrome update will pass in the next few weeks, users can immediately receive them by entering the Chrome menu> Help> About Google Chrome.
Nordex Wind Turbine Company Hit by Conti Ransomware Attack
The browser will also automatically check new updates and install it the next time you close and launch Google Chrome.
Google Chrome Update 100.0.4896.127
Google Chrome Update 98
Because this bug is actively exploited in the attack, it is strongly recommended that you do a manual check for new updates and launch the browser to apply it.
Some details are expressed
Today’s repaired bug-day bug is tracked as CVE-2022-1364 and is a weakness of the high level of confusion in the chrome v8 JavaScript engine.
While the type of confusion generally causes the browser crash following successful exploitation by reading or writing memory from the buffer limit, the attacker can also exploit them to run the arbitrary code.
This vulnerability was discovered by Clément Lecigne from the Google threat analysis group that reported it to the Google Chrome team yesterday.
While Google said they had detected attacks that exploited zero today, it did not provide further details about how this attack was carried out.
“Access to bug details and links can be stored limited to the majority of users updated with repairs,” Google added.
This is the only vulnerability expressed in this update, showing that Chrome 100.0.4896.127 was encouraged as an emergency update to resolve this problem.
The third chome of zero-day was repaired this year
With this update, Google has discussed the third Chrome Zero-Day since the beginning of 2022.
The two previous vulnerabilities found in 2022 were listed below.
CVE-2022-1096 – March 25
CVE-2022-0609 – February 14