Google issues Chrome update fixing mysterious zero-day exploit
Earlier this month, we learned aboutthe zero-day Chrome exploitthat state-sponsored hackers based in North Korea were able to access for just over a month before a patch was issued in mid-February. In that case, the hackers were able to fool the unwary with compromised real websites and sites they’d spoofed by securing similar domain names. Now, for the second time that we know of in 2022, there’s another Chrome zero-day and Google is rolling out yet another fix.
A new stable channel desktop Chrome update for Windows, Mac and Linux became available Friday. In aChrome Releases Blog post(found viaBleeping Computer) Google explains that there is one security update in the release, for zero-day exploit CVE-2022-1096, first reported to the company by an anonymous tip on March 23. The zero-day is a weakness in Chrome’s JavaScript engine that can be used by hackers to inject their code into your browser. It’s exactly the kind of thing that malicious actors love to use against their targets. Google won’t provide much more information other than admitting there have already been attacks leveraging this zero-day weakness.
The company explained keeping some information away from the public as a safety measure, stating that full details on how the exploit worked won’t be made public until most users have the fix. Fortunately, this time Google was apparently able to issue a patch before the exploit became widely known. Users should update to Chrome version 99.0.4844.84 as soon as possible.
The note-taking app I should have used all along
Broader branding hints at wider paid-tier ambitions
Putting verified names to APKs
This article is sponsored by Total Wireless.
Get 14 ports for $170
Tidal is the best app for streaming music
