Apr 1, 2022
On March 25th, Google released an update to fix a vulnerability in its Chrome Browser that was actively being exploited.
Tracked as CVE-2022-1096, the 0-day flaw is related to a type confusion vulnerability in the V8 JavaScript engine.
Google acknowledged it was aware of the vulnerability but did not share any additional specifics to prevent further exploitation.
CVE-2022-1096 is the second 0-day vulnerability in Chrome since the start of the year, the first being CVE-2022-0609, a user-after-free vulnerability in the Animation component that was patch on February 14th 2022.
Earlier last week, Google’s Threat Analysis Group (TAG) gave details of a twin campaign staged by North Korean backed groups that used the flaw to strike U.S. organizations in multiple industries.
Google is recommending Chrome users update to the latest version for Windows, Mac and Linux while Chromium based browsers such as Microsoft Edge, Opera and Vivaldi are being advised to apply for fixes when they become available.