Google has rolled out an out-of-band security update to address a high-risk zero-day vulnerability in its Chrome browser actively exploited by hackers.
The vulnerability, tracked as CVE-2022-1096, is a type confusion issue in within the V8 JavaScript engine in Google Chrome that allows remote code execution. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Google said it was aware of the flaw being used in cyberattacks, but didn’t provide any additional information on when, where, or by whom the bug was exploited.
This is a second zero-day Chrome vulnerability Google has fixed since the start of the year. In February, the tech giant patched a zero-day flaw, exploited by North Korean state-backed hackers in attacks targeting US-based organizations, such as news media, IT, cryptocurrency and fintech companies.