Google has released an emergency security fix for Chrome 99 to address a vulnerability that has already been publicly exploited.
The security flaw, dubbed CVE-2022-1096 and rated as high-severity, is described as a Type Confusion fault in the V8 JavaScript and WebAssembly engine.
The bug was reported by an anonymous researcher, according to Google, and the business has yet to calculate the bug bounty amount for this issue.
“Google is aware that an exploit for CVE-2022-1096 has been discovered in the wild,” the company says in its alert, without going into detail about the vulnerability or the exploitation it discovered.
Chrome 99.0.4844.84 includes a fix for this problem, which is currently available for Windows, Mac, and Linux users.
Google has fixed CVE-2022-1096, the second Chrome zero-day this year.
The first Chrome zero-day, identified as CVE-2022-0609 and fixed in February, was used by at least two North Korean threat actors to target hundreds of individuals, news organisations, domain registrars, software companies, and web hosting providers.
“We assume that these groups are part of the same entity with a shared supply chain,” Google said earlier this week.
Microsoft said that it has updated its Chromium-based Edge browser to version 99.0.1150.55, which resolves CVE-2022-1096, shortly after Google released Chrome 99.0.4844.84.
Users of Chrome and Edge should apply the available updates as soon as feasible.
