Yet another Chrome zero-day emergency update – patch now!


For the third time this year, Google’s Chrome browser has quietly received a security update together with the dreaded words, “Google is aware that an exploit […] exists in the wild. “

RELATED POSTS

In this case, the bug is officially dubbed CVE-2022-1364: Type Confusion in V8.

V8 is Google’s JavaScript engine – the same one that’s used by Edge and many other mainstream browsers.

The V8 engine is also used in node.jsa standalone JavaScript programming ecosystem that’s very widely used these days as a server application language.

How bad is this bug?

We can’t tell from Google’s downplayed warning, but about a month after the company’s first zero-day fix of the year, it published a fairly dramatic follow-up report.

In that case, Google wrote that the bugs uncovered had been traced back to two different North Korean cybercrime groups, and that the attacks had apparently spanned the media, IT, cryptocurrency and fintech industries.

We’re not aware of any follow-up report for last month’s emergency patch – it’s possible, after all, that Google simply hasn’t traced the second lot of attacks back to their source yet

… But, as we remarked last time, and the time before: patch now!

Why remain behind when you can now be ahead of the crooks?

(For advice on how to check and what version numbers to look for in both Chrome and Edge, see our What to do? section below.)