ipv6 ready

Google Chrome emergency update fixes zero-day used in attacks

Discussions sur la sécurisation des protocoles, les authentifications, les CVE, les failles de sécu, le chiffrement,...

Modérateur : solar10Belgique

Répondre
Avatar du membre

Auteur du sujet
arl0ng
Légendaire ⭐⭐⭐⭐⭐
Légendaire ⭐⭐⭐⭐⭐
Messages : 1574
Enregistré le : 13 avr. 2019, 13:03
A remercié : 11 fois
A été remercié : 72 fois
Âge : 34
Statut : Hors ligne

Google Chrome emergency update fixes zero-day used in attacks

#1

Message par arl0ng »

https://www.bleepingcomputer.com/news/s ... n-attacks/

Code : Tout sélectionner


Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability actively used by threat actors in attacks.

"Google is aware that an exploit for CVE-2022-1364 exists in the wild," Google said in a security advisory released today.

While Google states that this Chrome update will roll out over the next few days/weeks, users can receive it immediately by going into the Chrome menu > Help > About Google Chrome.

The browser will also automatically check for new updates and install them the next time you close and relaunch Google Chrome.

[https://www]Google Chrome 98 update

As this bug is actively exploited in attacks, it is strongly advised that you perform a manual check for new updates and relaunch the browser to apply them.

Few details disclosed

The zero-day bug fixed today is tracked as CVE-2022-1364 and is a high severity type confusion weakness in the Chrome V8 JavaScript engine.

While type confusion flaws generally lead to browser crashes following successful exploitation by reading or writing memory out of buffer bounds, attackers can also exploit them to execute arbitrary code.

This vulnerability was discovered by Clément Lecigne from Google's Threat Analysis Group who reported it to the Google Chrome team yesterday.

While Google said they have detected attacks exploiting this zero-day, it did not provide further details regarding how these attacks are conducted.

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google added.

This is the only vulnerability disclosed in this update, indicating that Chrome 100.0.4896.127 was pushed out as an emergency update to resolve this issue.

Third Chome zero-day fixed this year

With this update, Google has addressed the third Chrome zero-day since the start of 2022.

The previous two vulnerabilities found in 2022 are listed below.

CVE-2022-1096 - March 25th

CVE-2022-0609 - February 14th

As this zero-day is known to be used in attacks, it is strongly advised to update Google Chrome as soon as possible.



Sent from my Xiaomi Mi 10 T Pro using Tapatalk



EDPNet VDSL XL & Fritz!Box 7530
Orange Go Intense
NAS Synology DS115J
Xiaomi Mi 10T pro

Lien :
BBcode :
HTML :
Masquer les liens de partage du message
Afficher les liens de partage du message
Message déplacé du forum Software vers le forum Sécurité par Mackguil le 17 avr. 2022, 11:03

Répondre