Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux to address a critical zero-day vulnerability that threat actors are actively exploiting in attacks. Google reported in their most recent security advisory that they are aware of an exploit for CVE-2022-1364 being used in the wild. Due to the fact that this vulnerability is actively used in attacks, it is strongly recommended that users check for current updates and restart the browser to install them.
CVE-2022-1364 is the identifier for the zero-day vulnerability for Google Chrome, which is a high-severity type confusion flaw in the Chrome V8 JavaScript engine. While type confusion issues typically result in browser crashes if an attacker successfully exploits them by reading or writing memory outside of the confines of the buffer, they can also be used to execute arbitrary code.
While Google stated that it has observed attacks leveraging this zero-day vulnerability, it did not elaborate on how these attacks are carried out. Google has fixed the third Chrome zero-day vulnerability since the start of 2022 with this release.
