Security Bulletin - Active exploitation of Google Chrome Zero Day in the wild
Published Date: 30/03/2022
The purpose of this alert is to bring attention to a potentially high-impact vulnerability present in the Google Chrome browser application.
At this time, the nature of this vulnerability is not fully understood; however, it has caused Google to issue an emergency update, which is highly unusual.
On 25 March 2022, Google issued a notification describing a vulnerability known as CVE-2022-1096: Type Confusion in V8, present in the Google Chrome browser application.
No further details have been provided about the nature of this exploit; however, Google claims the CVE is HIGH and that active exploitation of this vulnerability is currently being observed.
Triskele Labs Cyber Threat Intelligence (CTI) notes that this disclosure comes days after Google’s Threat Analysis Group (TAG) issued a report claiming that North Korean threat actors used another Google Chrome vulnerability, known as CVE-2022-0609, to target American users and steal cryptocurrency and intelligence.
Currently, it is understood that the vulnerability is present in all versions of Google Chrome prior to 99.0.4844.84.
If you are using any version of Google Chrome earlier than the latest version (99.0.4844.84), you can install the latest patch by opening the Help | About section within your Google Chrome menu, which will trigger an automatic update to the latest patch.
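For teams checking many machines rather than one browser, the following added example (not part of the original bulletin) triages an inventory of reported Chrome versions against the fixed build 99.0.4844.84. The inventory rows, host names and function names are constructed for illustration; the comparison is numeric per component, because a plain string comparison would wrongly sort a three-digit major version such as 100 below 99.

```python
import re

# First fixed build according to this bulletin.
FIXED = (99, 0, 4844, 84)
# Chrome versions are four dot-separated integers: major.minor.build.patch
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the four-part version found in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def is_vulnerable(text):
    """True if the version is below FIXED, False if not, None if unparseable."""
    version = parse_version(text)
    if version is None:
        return None
    # Tuple comparison is numeric and left to right, so (100, ...) > (99, ...).
    return version < FIXED


def triage(inventory):
    """Sort 'host,version string' rows into patched / vulnerable / unknown."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, raw = line.partition(",")
        status = is_vulnerable(raw)
        key = "unknown" if status is None else ("vulnerable" if status else "patched")
        result[key].append(host.strip())
    return result


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = """\
ws-001,Google Chrome 99.0.4844.84
ws-002,Google Chrome 99.0.4844.10
ws-003,98.0.1.1
ws-004,Google Chrome 100.0.0.1
ws-005,version not reported
"""

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts that land in the unknown group need a manual check, since a version that was not reported cannot be assumed patched.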