Google releases emergency security update for Chrome users after second 0-day of 2022 discovered

Chrome

Google has released an urgent update for a 0-day vulnerability found on March 23 affecting Chrome.

Google gave CVE-2022-1096 a high severity rating and said an exploit for the vulnerability exists in the wild. Google patched the bug for Windows, Mac, and Linux operating systems users in Chrome 99.0.4844.84.

Microsoft also released a warning about the issue and patched it for Edge users. Little information is available about the issue but experts said it is tied to V8, Google’s open source JavaScript engine. 

The vulnerability was submitted anonymously, according to Google. 

Bugcrowd CTO Casey Ellis said the first thing that stood out about the update is that it only fixes a single issue. 

“This is pretty unusual for Google – they usually fix multiple issues in these types of releases – which suggests that they are quite concerned and very motivated to see fixes against CVE-2022-1096 applied across their user-base ASAP,” Ellis said.  

“The second thing is the speed of the patch being rolled out. The vulnerability was only reported on the 23rd of March, and while Google’s Chrome team tends to be fairly prompt in developing, testing, and rolling patches, the idea of a patch for software deployed as widely as Chrome in 48 hours is something I continue to be impressed by.” 

This is the second 0-day in Chrome that Google has announced this year. Just last week the tech giant said North Korean hackers had exploited CVE-2022-0609 – which was patched in a February release – during two separate hacking campaigns. 

Google Threat Analysis Group’s Adam Weidemann explained that on February 10, the company discovered two different North Korean campaigns – which they attributed to Operation Dream Job and Operation AppleJeus – exploiting the vulnerability. 

The post Google releases emergency security update for Chrome users after second 0-day of 2022 discovered appeared first on The Record by Recorded Future.

Article Link: Google releases emergency security update for Chrome users after second 0-day of 2022 discovered - The Record by Recorded Future