Google has issued an emergency security update for all Chrome users as it confirms that attackers are already exploiting a high severity zero-day vulnerability.
The emergency update to version 99.0.4844.84 of Chrome is highly unusual in that it addresses just a single security vulnerability. A fact that only goes to emphasize how serious this one is.
In a Chrome stable channel update announcement, published March 25, Google confirms it “is aware that an exploit for CVE-2022-1096 exists in the wild.”
All Chrome users are therefore advised to ensure their browsers are updated as a matter of urgency.
What is CVE-2022-1096?
Update March 28: Microsoft has now confirmed that this vulnerability exists in Edge, which is a Chromium-based browser. Edge has also been updated to protect users against the in-the-wild exploit. Go to settings about and if your browser version is 99.0.1150.55 or higher, it is no longer vulnerable to the CVE-2022-1096 issue. Chromium powers a whole bunch of browsers, including Brave and Vivaldi, and so I’d expect a lot of security fixes to be forthcoming.