Cloud Security, Security Architecture, Risk Assessments/Management, Breach, Threat Management

Google Chrome zero-day fix issued

SecurityWeek reports that Google has released an emergency update to address a high-severity type confusion bug, tracked as CVE-2022-1096, impacting Chrome 99. The vulnerability was identified by an anonymous researcher within the V8 JavaScript and WebAssembly engine. "Google is aware that an exploit for CVE-2022-1096 exists in the wild," said Google in its advisory. Microsoft has also issued an update for its Chromium-based Edge browser to address the same flaw. Immediate patching has been urged for both Chrome and Edge users. Google's emergency update comes after at least two North Korean state-sponsored threat actors have exploited an already addressed Chrome zero-day flaw, tracked as CVE-2022-0609, in attacks against hundreds of individuals, as well as software vendors, news media organizations, web hosting providers, and domain registrars. "We suspect that these groups work for the same entity with a shared supply chain, hence the use of the same exploit kit," Google said earlier this week.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.