Chrome users on Windows, macOS, and Linux have received an urgent upgrade notice from Google. A vulnerability in Google Chrome and Microsoft Edge, known as CVE-2022-1096, has prompted Google to issue a warning advising users to update to the most recent version. The warning follows the discovery of a zero-day exploit (meaning attackers knew of the vulnerability before it was patched), which Google says is currently “out in the open”. Anyone who does not install the most recent security update is at risk.
After a proof-of-concept (PoC) exploit was publicly revealed on March 10th, the Muhstik malware gang developed a specialized spreader exploit for the Redis Lua sandbox escape vulnerability (tracked as CVE-2022-0543). Federal Civilian Executive Branch (FCEB) agencies must safeguard their systems against these vulnerabilities under a binding operational directive (BOD 22-01) issued in November, with CISA giving them until April 18th to patch.
The US cybersecurity organization noted, “These types of vulnerabilities are a common attack vector for malevolent cyber actors of all types and represent a significant danger to the government enterprise.” CISA today added 30 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that they have been exploited in the wild.