An additional high-severity vulnerability was reported on Google Chrome and Chromium-based browsers such as Microsoft Edge. The vulnerabilities have been actively exploited by threat actors, and it is advised to immediately update your browser across all platforms (PC, Windows, and Linux) and restart the browser.
Additional information is available at the link below:
We'd like to raise awareness about a serious vulnerability with Google Chrome and Chromium based browsers such as Microsoft Edge. Please see the details below.
In short, all affected users need to update and restart the browser to resolve the vulnerability.
Please contact us with any questions or requests for assistance.
Jason Chambers - on behalf of the VMP Team
UCLA Information Security
Google Issues Emergency Security Update For 3.2 Billion Chrome Users — Attacks
Google has issued an emergency security update for all Chrome users as it confirms that attackers are already exploiting a high severity zero-day vulnerability.
The emergency update to version 99.0.4844.84 of Chrome is highly unusual in that it addresses just a single security vulnerability. A fact that only goes to emphasize how serious this one is.
In a Chrome stable channel update announcement, published March 25, Google confirms it "is aware that an exploit for CVE-2022-1096 exists in the wild."
All Chrome users are therefore advised to ensure their browsers are updated as a matter of urgency.
What is CVE-2022-1096?
Update March 28: Microsoft has now confirmed that this vulnerability exists in
Edge, which is a Chromium-based browser. Edge has also been updated to protect
users against the in-the-wild exploit. Go to settings|about and if your browser
version is 99.0.1150.55 or higher, it is no longer vulnerable to the CVE-2022-1096 issue. Chromium powers a whole bunch of browsers, including Brave and Vivaldi, and so I'd expect a lot of security fixes to be forthcoming.
How to apply the Google Chrome security patch now
Head for the Help|About option in your Google Chrome menu, and if the update is available, it will automatically start downloading.
It may take a few days for the update to reach everyone, so be patient if you are not seeing it yet.
Also, remember to restart your browser after the update has been installed, or it will not activate, and you will still be vulnerable to attack.