A Google Chrome remote code execution (RCE) zero-day vulnerability is being actively exploited by at least two threat groups, according to Google. Operation AppleJeus and Operation Dream Job have been exploiting this flaw since as early as January 4, 2022.
Originally discovered by North Korean threat actors, the vulnerability allows attackers to reference memory after Chrome has freed it, which can crash the application, cause it to use unexpected values, or allow arbitrary code to be executed remotely.
The vulnerability is tracked as CVE-2022-1096, and a high-priority security patch has been released in response, updating Google Chrome to version 99.0.4844.84. All of the world’s 3,200,000,000 Chrome users are advised to ensure their browsers are updated as a matter of urgency.
iTechPost Summary: https://www.itechpost.com/articles/109748/20220328/google-chrome-security-update-cve-2022-1096-high-severity-zero.htm
