Google updates an urgent security vulnerability for 3.2 billion Chrome users

On March 25, Google confirmed the existence of a security vulnerability with the symbol CVE-2022-1096 on the Chrome browser. Users only know about this security hole after most have updated the patch. Google has released Chrome version 99.0.4844.84 to Windows, Mac and Linux users via its Stable Desktop channel globally, and it could take a few weeks to reach everyone.

To check if your software has received new updates, click the three dots on the top right, select Help > About Google Chrome. You will find out which version of Chrome you are using here. The browser will automatically check for new and installed updates.

In fact, Google is very tight-lipped about the vulnerability and only announced the detection of attacks exploiting it. The company emphasizes that users can still be attacked even after updating the browser if this vulnerability persists in third-party libraries of other projects.

In addition to the vulnerability causing the browser to crash, an attacker could deploy binary code. According to Bleeping Computer, this is the second zero-day vulnerability in 2022, the first one (CVE-2022-0609) patched last month. Hackers have used it in campaigns to spread malicious code by phishing emails, through fake job offers and malicious websites.

Currently, security experts have not released all the details related to CVE-2022-1096. The disclosed information shows that the vulnerability is related to the JavaScript code used by Chrome.