Google has patched for another zero-day vulnerability in the Chrome browser.
The company released Chrome version 100.0.4896.127 for Windows, Mac, and Linux on April 14 to address the vulnerability identified as CVE-2022-1364. The company has disclosed two other zero-days, CVE-2022-0609 and CVE-2022-1096, since the start of the year.
Google didn’t offer many details about CVE-2022-1364. The company says it’s a type confusion vulnerability in the V8 engine used by Chrome and the Chromium project upon which it’s based that was reported by Clément Lecigne from its own Threat Analysis Group sometime in 2022.
That means other browsers that are based on the Chromium project, including Microsoft Edge and Vivaldi, are also affected by CVE-2022-1364. Microsoft and Vivaldi both acknowledged the vulnerability and said they’ve updated their browsers to the patched version of Chromium.
Google says it’s “aware that an exploit for CVE-2022-1364 exists in the wild.” It said the same thing about the zero-day vulnerabilities revealed earlier this year, too, one of which it eventually revealed was exploited by two North Korean hacking groups targeting organizations in the US.
Leave a Reply