Triskele Labs Blog

Security Bulletin - Active exploitation of Google Chrome Zero Day in the wild

Written by Nick Morgan | Apr 1, 2022 2:30:45 AM

Published Date: 30/03/2022

The purpose of this alert is to bring attention to a potential high impact vulnerability present in the Google Chrome browser application.  

At this time the nature of this vulnerability is not fully understood however it has caused Google to issue an emergency update which is highly unusual.   

Details

On 25 March 2022, Google issued a notification describing a vulnerability known as CVE-2022-1096: Type Confusion in V8 present in the Google Chrome browser application.  

No further details have been provided about the nature of this exploit however Google claims the CVE is HIGH and that active exploitation of this vulnerability is currently being observed. 

Triskele Labs Cyber Threat Intelligence (CTI) notes that this disclosure comes days after Google’s Threat Analysis Group (TAG) issued a report claiming North Korean Threat Actors targeted American users using Google Chrome with another vulnerability known as CVE-2022-0609, to steal crypto coin and intelligence. 

Currently it is understood that the vulnerability is present in all versions of Google Chrome prior to 99.0.4844.84. 

Mitigation Actions

If you are utilising any version of Google Chrome before the latest version (99.0.4844.84), you can install the latest patch by accessing the Help | About section within your Google Chrome menu which will enable an automatic update to the latest patch.  

Detailed instructions are available here:
https://support.google.com/chrome/answer/95414?hl=en&co=GENIE.Platform%3DDesktop  

Detection Capability

Managed Detection and Response are monitoring for suspicious activity within customer environments. 

Deployed SIEM and EDR agents on servers and endpoints will aid in detecting a threat actor successfully accessing an environment and commencing reconnaissance.  

References

References used for the generation of this release: