Google has released Chrome Version 100.0.4896.127 for Windows, Mac, and Linux, to fix 2 security issues, including a known zero-day vulnerability (CVE-2022-1364).
According to Google, they are aware that an exploit for CVE-2022-1364 exists in the wild.
______________________________
A. Nature of Vulnerability
CVE-2022-1364
A high severity type confusion weakness in the Chrome V8 JavaScript engine that could allow threat actors to execute arbitrary code. This vulnerability was discovered and reported by ClĂ©ment Lecigne from Google’s Threat Analysis Group.
______________________________
B. Actions to be Taken
CERT-PH recommends the following actions be taken:
- Users and administrators are urged to update their Google Chrome version to the latest version.
- To manually check for an update, you may do the following steps:
Settings > Help > About Google Chrome
- Proactively monitor and secure identified systems and devices for any suspicious/malicious activities.
- In addition, providing and capacitating employees with cybersecurity knowledge and information to minimize the attack surface.
- For additional information, kindly refer to the official advisory: https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html