For clarity, the term “zero-day” refers to an unforeseen or unconsidered bug or another code issue within the browser that can be exploited by bad actors. Or, conversely, to refer to a problem that’s known but which doesn’t have a fix yet. The latest patch fixes the zero-day exploit CVE-2022-1096. Specifically, a vulnerability in the JavaScript engine used by Chrome. With the vulnerability, bad actors can effectively insert their own code into the browser. Allowing malicious entities to execute code that could compromise users and their data. And potentially in any number of ways.
Why aren’t there more details about this Chrome Zero Day-fixing update?
Now, Chrome is no stranger to exploits despite Google’s claims about its security. In fact, while the company has been subject to zero-day exploits in the past, this isn’t the first time this year either. Earlier this year, the company was reportedly forced by another zero-day exploit to roll out an update patch. That patch, rolled out in February, fixed a bug that allowed North Korean hackers to compromise real websites and create spoof sites. In the latter case, primarily via the use of unsecured domain names that closely matched the real ones. The compromise lasted a little longer than a month. Google was informed of the latest problem with Chrome back on March 23. Specifically, via an anonymous tip. However, details about this most recent zero-day exploit haven’t been revealed just yet. It also isn’t clear whether or not the latest vulnerability has been exploited. That will remain the case until the patch is widely rolled out and most users have updated to version 99.0.4844.84. Detailing the exploit makes it easier for malicious entities to make use of it. As such, Chrome users are advised to update to the latest version of Chrome as soon as possible. The update applies specifically to Windows, Mac, and Linux platforms.