Google has released patches for two security flaws in Chrome, of which one was being exploited in the wild.
The zero day is tracked as CVE-2022-1364, a high severity flaw reported to the Chrome team by Clément Lecigne of Google’s Threat Analysis Group on.
“Google is aware that an exploit for CVE-2022-1364 exists in the wild,” the company says.
The fixes are contained in the Chrome stable channel release 100.0.4896.127 for Windows, Mac and Linux. It will roll out over the coming days or weeks, according to Google.
The US government’s Cybersecurity and Infrastructure Agency advised users to update their software and said “This version addresses a vulnerability that an attacker could exploit to take control of an affected system. This vulnerability has been detected in exploits in the wild.”
Google fixed 14 Chrome zero-day flaws in 2021, up from seven in 2020. Google argued that the uptick in Chrome zero-days might be alarming for some, but it may also indicate the company is getting better at catching and fixing them. One reason for hackers focusing on Chrome is because of the demise of