On Friday, March 25, Google released a new Chrome update for Windows, Linux, and Mac. The only thing mentioned in the description of this release was the security update for “zero-day exploit CVE-2022-1096”, without any explanation of what this exploit was about. Still, if you use Chrome, you had better install it.
Google is not immediately revealing much about this zero-day exploit, which must have been found in the previous version. Either it had done so little harm that Google decided to ignore it, or the harm was serious enough to not let the word out. The official explanation is that Google does not want to expose the details until most users have installed the current 99.0.4844.84 version that fixes the issue.
Anyway, the issue is reported to have been solved. The exploit was reported to the company anonymously on March 23, so it took the developers two days to fix it. It will take a little more time for users to receive the update and install it. There may be more attacks, given that some users have already become victims of attacks using the exploit, and more may become victims in the days to come.
It’s not the first zero-day exploit that Chrome users have suffered from in 2022. In January, North Korean hackers found out how to use a zero-day exploit for easily faking popular sites and thus spreading malware. That time the issue came to light after hundreds of users were fooled into installing that malware and spreading it around. This time, Google was quick enough to fix it in two days, while the previous exploit remained active for about a month.
Have you ever noticed the exploit in action? Or maybe you know some victims of it or have even become one yourself? We’d like to learn more about it, but so far we only know what the official sources say. If you are better informed and ready to share this information, please share it in the comments!