A bug in the JavaScript engine is being actively exploited by hackers. Users are advised to update the browser immediately.
For the second time this year, Google is releasing a security patch for Chrome to close a zero-day flaw (CVE-2022-1096) actively exploited by hackers. This time it is a bug in the browser’s V8 JavaScript engine. The vulnerability is a “type confusion” bug, which means that a variable or object can be accessed in memory as a different type than originally intended.
Last February, Google had already patched a zero-day flaw (CVE-2022-0609) in Chrome’s “Animation” module. As detailed in a report published a few days ago, this vulnerability was used by two suspected North Korean hacker groups. The first, dubbed “Operation Dream Job”, sent fake recruitment announcements to 250 people at a dozen American companies: media outlets, hosting providers, domain name registrars and software publishers.
The second group, “Operation AppleJuice”, distributed links to fake cryptocurrency-themed websites. It targeted 85 people working in that sector. Unfortunately, Google was only able to analyze the malware used for the initial compromise, so the objectives of these attacks are not known.