Yet another Chrome zero-day emergency update – patch now! – Naked Security

For the third time this year, Google’s Chrome browser has quietly received a security update along with the dreaded words, “Google is aware that an exploit […] exists in the wild. ”

In this case, the bug is officially dubbed CVE-2022-1364: Type Confusion in V8.

V8 is Google’s JavaScript engine – the same one that’s used by Edge and many other mainstream browsers.

The V8 engine is also used in node.jsa standalone JavaScript programming ecosystem that’s very widely used these days as a server application language.

How bad is this bug?

We can not tell from Google’s downplayed warning, but about a month after the company’s first zero-day fix of the year, it published a fairly dramatic follow-up report.

In that case, Google wrote that the bugs uncovered had been traced back to two different North Korean cybercrime groups, and that attacks had apparently spanned the media, IT, cryptocurrency and fintech industries.

We’re not aware of any follow-up report for last month’s emergency patch – it’s possible, after all, that Google simply has not traced the second lot of attacks back to their source yet…

… But, as we remarked last time, and the time before: patch now!

Why stay behind when you can now be ahead of the crooks?

(For advice on how to check and what version numbers to look for in both Chrome and Edge, see our What to do? section below.)

Related posts


Latest posts

YouAttest collaborates with JumpCloud to give users access reviews for identity governance

YouAttest announced their product integration with JumpCloud - an open directory platform that gives IT, security...

SLACIP: How to Comply with the SOCI ACT Reforms

On March 31, 2022, the Security Legislation Amendment Critical Infrastructure Protection Act 2022, also known as SLACIP, was passed by the Australian Parliament. ...

Microsoft patches the Patch Tuesday patch that broke authentication – Naked Security

Two of the big-news vulnerabilities in this month's Patch Tuesday updates from Microsoft were CVE-2022-26923 and CVE-2022-26931which affected the safety of authentication in Windows. Even...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!