Google has released an update for Chrome to fix the browser's second actively exploited zero-day vulnerability, CVE-2022-1096, which was found earlier this year.
In February, the first Chrome zero-day of 2022 was detected. CVE-2022-0609 was later discovered to have been exploited by two state-sponsored North Korean hacker groups attempting to breach a variety of targets in the United States.
A second Chrome zero-day has now been found and is being actively abused. At the time of writing, Google hasn't said much about the weakness, other than that it's a High severity type confusion flaw detected in the V8 open source JavaScript and WebAssembly engine.
Other details regarding the flaw haven't been published, such as who reported it, how much they'll get through Google's bug bounty program, or how it may be exploited. However, Google claims to be "aware that an attack for CVE-2022-1096 exists in the wild."