Google releases a patch for yet another zero-day vulnerability in the Chrome browser. The search giant released Chrome version 100.0.4896.127 for Windows, Mac, and Linux on April 14 to fix the vulnerability identified as CVE-2022-1364.
Google earlier disclosed two other zero-days, CVE-2022-0609 and CVE-2022-1096, at the start of the year.
The company has not shared many details about CVE-2022-1364. It is a type of confusion vulnerability in the V8 engine used by Chrome and the Chromium project upon which it’s based. Clément Lecigne from its own Threat Analysis Group reported in 2022.
The CVE-2022-1364 vulnerability also affects other browsers based on the Chromium project, such as Microsoft Edge and Vivaldi. Both Microsoft and Vivaldi acknowledged the vulnerability and updated their browser to the patched version of Chromium.
Google is aware that CVE-2022-1364 exists in the wild, earlier this year the company revealed zero-day vulnerabilities exploited by two North Korean hacking groups targeting organizations in the US.
GitHub Attacker Uses Stolen OAuth User Tokens to Breach Dozens of Organizations
JekyllBot:5 – Aethon TUG Hospital Robots Vulnerability Allows Hackers to Take Control
Haskers Gang Distributes ZingoStealer Malware to Other Cybercriminals for Free