Google has released Chrome 100.0.4896.127 for Windows, Mac and Linux with fixes for two vulnerabilities, to include one zero-day (CVE-2022-1364) exploited in the wild.
An attacker could exploit these vulnerabilities to take control of impacted systems.
The latest Chrome 100 (100.0.4896.127) security update patched two vulnerabilities in total, to include one zero-day ‘Type Confusion in V8’ vulnerability CVE-2022-1364. Chrome V8 is a JavaScript engine responsible for processing JavaScript code and is used in Chrome and Chromium web browsers.
“Google is aware that an exploit for CVE-2022-1364 exists in the wild,” Google warned in the advisory.
This is the second recently fixed zero-day V8-related vulnerability since last month. The other CVE-2022-1096 was patched on March 25, 2022.
A third Chrome ‘Use after free in Animation’ zero-day vulnerability CVE-2022-0609Â was patched on February 14, 2022.
Both Google and the Cybersecurity and Infrastructure Security Agency (CISA) confirmed the vulnerability was being actively exploited in the wild.
Related Articles
- Google releases Chrome 99 security update with fix for zero-day vulnerability (CVE-2022-1096) exploited in the wild
- Google releases Chrome 98 security update with fix for zero-day vulnerability (CVE-2022-0609) exploited in the wild
- CISA adds 9 vulnerabilities to Known Exploited Vulnerabilities Catalog (to include new Adobe and Chrome zero-days)