Google fixed third zero-day in Chrome since the start of 2022

Google Chrome 100.0.4896.127 addresses a new high-severity zero-day vulnerability tracked as CVE-2022-1364, actively exploited by threat actors in the wild.

Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux to address a high-severity zero-day, tracked as CVE-2022-1364, that is actively exploited by threat actors in attacks.

The CVE-2022-1364 zero-day is a type confusion issue that resides in the V8 JavaScript engine that was reported by Clément Lecigne of Google’s Threat Analysis Group on April 13, 2022.

Shane Huntley, Google’s Threat Analysis Group chief, highlighted that the flaw was quicky addressed by the company.

“Google is aware that an exploit for CVE-2022-1364 exists in the wild,” reads the security advisory.

The IT giant did not provide technical details about the attacks, as usual, it plans to keep them restricted to give the time to the users to install the security fix.

This is the third Chome zero-day vulnerability addressed by the company this year, previous bugs fixed by the company are CVE-2022-1096 (Type Confusion in V8 JavaScript engine fixed on March 25) and CVE-2022-0609 (a use after free issue that resides in Animation February fixed on February 14).

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform  

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Google Chrome)

[adrotate banner=”5″]

[adrotate banner=”13″]