Source: https://cobaltstrike.net/2022/03/28/google-urgently-fixed-the-0-day-vulnerability-in-chrome/
Google urges users of Windows, macOS and Linux to urgently update the Chrome browser to version 99.0.4844.84. The reason is the discovery of a vulnerability that is already actively exploited in hacker attacks.
The company does not disclose details about the vulnerability in order to give users time to install updates. For the same reason, it has not yet been reported whether it affects third-party libraries used in other projects. It is only known that the problem is a mismatch of the input data types (Type Confusion) in the V8 engine, and it has been assigned the identifier CVE-2022-1096. An anonymous researcher notified Google about it on March 23, 2022.
V8 is a JavaScript engine in Chrome, also used in Node.js . Whether the vulnerability affects Node.js, not reported yet.
Immediately after Google, Microsoft issued its own security notice, according to which the same vulnerability was also fixed in Edge version 99.0.1150.55.
Recall that recently it became known about the exploitation of another zero-day vulnerability in Chrome (CVE-2022-0609), by two groups supported by the North Korean government.