Google is rolling out a new incremental update for Chrome users on Windows, Mac, and Linux, this time to include an emergency fix for a newly discovered zero-day vulnerability.
Chrome 99 is the latest iteration of the world’s most popular web browser. Released at the beginning of March, it has seen several incremental updates, mostly packing security fixes – including fixes for some critical bugs.
The latest release is no different, except instead of patching dozens of bugs, it addresses a single security hole that bad actors are actively exploiting.
“The Stable channel has been updated to 99.0.4844.84 for Windows, Mac and Linux which will roll out over the coming days/weeks,” writes Prudhvi Kumar Bommana, of the Google Chrome team. “This update includes 1 security fix.”
The flaw in question, tracked as CVE-2022-1096, is a Type Confusion bug reported by an anonymous researcher earlier this month.
Type confusion flaws can be leveraged to create powerful exploits. When software fails to verify an object type, it can end up using it blindly (without type-checking), which leads to type confusion. From there, function pointers or data can be intentionally fed into the wrong piece of code, enabling malicious code execution in some circumstances.
“Google is aware that an exploit for CVE-2022-1096 exists in the wild,” Bommana writes.
In usual fashion, the web giant keeps the exploit details under wraps, giving Chrome users a decent time window to patch up before bad actors start targeting vulnerable systems.
To do so, visit Chrome’s Settings pane, choose About Chrome, and wait for the browser to download its patch automatically. When prompted, restart the app to apply the patch.
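For administrators who need to confirm the fix across many machines rather than one Settings pane, here is an added example (not from the original article or from Google) that classifies reported Chrome version strings against the fixed build 99.0.4844.84. The host names and sample version strings are constructed, and the input is assumed to be whatever text each machine reports for its Chrome version.

```python
import re

# Fixed Stable build named in the article for Windows, Mac and Linux.
PATCHED = (99, 0, 4844, 84)

# Chrome versions have four dot-separated numeric components.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from text; return a tuple of ints or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def triage(inventory, patched=PATCHED):
    """Map each host to 'patched', 'outdated' or 'unknown'.

    Components are compared as integers. Comparing the raw strings would
    rank 99.0.4844.9 above 99.0.4844.84 and 100.x below 99.x.
    Unparseable reports are 'unknown', never silently treated as patched.
    """
    result = {}
    for host, text in inventory.items():
        version = parse_version(text)
        if version is None:
            result[host] = "unknown"
        elif version >= patched:
            result[host] = "patched"
        else:
            result[host] = "outdated"
    return result


# Constructed sample inventory (hypothetical hosts and reported strings).
SAMPLE = {
    "ws-01": "Google Chrome 99.0.4844.84",
    "ws-02": "Google Chrome 99.0.4844.9",    # sorts higher as a string, but is older
    "ws-03": "Google Chrome 100.0.4896.60",  # sorts lower as a string, but is newer
    "ws-04": "Google Chrome 98.0.4758.102",
    "ws-05": "chrome: command not found",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as outdated or unknown are the ones to follow up on with the update steps above.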
Stay safe!
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.