Google has released Chrome 100.0.4896.127 for Windows, Mac and Linux with fixes for two vulnerabilities, to include one zero-day (CVE-2022-1364) exploited in the wild.
An attacker could exploit these vulnerabilities to take control of impacted systems.
“Google is aware that an exploit for CVE-2022-1364 exists in the wild,” Google warned in the advisory.
This is the second recently fixed zero-day V8-related vulnerability since last month. The other CVE-2022-1096 was patched on March 25, 2022.
A third Chrome ‘Use after free in Animation’ zero-day vulnerability CVE-2022-0609 was patched on February 14, 2022.
Both Google and the Cybersecurity and Infrastructure Security Agency (CISA) confirmed the vulnerability was being actively exploited in the wild.
- Google releases Chrome 99 security update with fix for zero-day vulnerability (CVE-2022-1096) exploited in the wild
- Google releases Chrome 98 security update with fix for zero-day vulnerability (CVE-2022-0609) exploited in the wild
- CISA adds 9 vulnerabilities to Known Exploited Vulnerabilities Catalog (to include new Adobe and Chrome zero-days)