Google has issued an emergency security update for all Chrome users across the world as the tech giant confirms that attackers are already exploiting a high severity zero-day vulnerability.
Issuing the warning to Chrome users via its official Chrome Blog, Google revealed that Chrome on Windows, macOS and Linux is vulnerable to a new ‘zero-day’ hack (CVE-2022-1096) which is the most dangerous form of attack because it means the vulnerability is known to hackers before Google could issue a fix.
According to the company, “Google is aware that an exploit for CVE-2022-1096 exists in the wild,” implying that every Chrome user is vulnerable.
“V8 is Chrome’s component that’s responsible for processing JavaScript, the engine at the heart of Chrome, and the hack tricks the browser into running a different type of (in this case, malicious) code.
“V8 attacks have been relatively rare in recent months but they can be among the most dangerous if a hacker is able to create a successful exploit.
Google further said that it is currently restricting information about the exploit to buy time for Chrome users to upgrade. The company has thus far revealed that the threat level is “High”, and that it knew about it through an anonymous tip-off.
In response, Google announced an emergency update for Chrome (99.0.4844.84) “for Windows, Mac and Linux which will roll out over the coming days/weeks”.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” the tech company said.
“We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
