For the third time this year, Google has released a Chrome update to patch a zero-day vulnerability, which is being actively exploited. It has a high severity rating, and has been dubbed Type Confusion in V8, and is being tracked as CVE-2022-1364. The exploit occurs in the JavaScript and WebAssembly system, and can cause Chrome to crash or arbitrary remote code execution (RCE). Chrome users on Windows, Mac and Linux are impacted and should update to version 100.4896.127 as soon as it’s available. In an April 14th blog post, Google stated that the update will be broadly available in the coming days and weeks.
To check which version of Chrome you’re running, you can type the following into Chrome’s address bar: chrome://version. For instructions on how to update Chrome on your devices, see the following Google support article.
Resource:
- naked security, Yet another Chrome zero-day emergency update – patch now!