Google on Thursday shipped emergency patches to address two security issues in its Chrome web browser, one of which it says is being actively exploited in the wild.
As is typically the case with actively exploited zero-day flaws, the company acknowledged it's "aware that an exploit for CVE-2022-1364 exists in the wild." Additional details about the flaw and the identity of the threat actors have been withheld to prevent further abuse.
With the latest fix, Google has patched a total of three zero-day vulnerabilities in Chrome since the start of the year. It's also the second type confusion-related bug in V8 to be squashed in less than a month -
Full report link
ADD PATCH MANAGEMENT TO YOUR ENDPOINT MANAGER ENVIRONMENT TO EVALUATE, TEST, AND APPLY OS AND APP PATCHES ENTERPRISE‑WIDE—AUTOMATICALLY with Ivanti
Proactively patch against active exploits
No organization can patch all the vulnerabilities in their environment. Ivanti Neurons for Patch Management provides intelligence on known exploits and threat-context for vulnerabilities so you can prioritize remediation based on adversarial risk. Further, Ivanti’s Vulnerability Risk Rating (VRR) better arms you to take risk-based prioritized action than CVSS scoring by taking in the highest fidelity vulnerability and threat data plus human validation of exploits from penetration testing teams.