Google has released a patch for a zero day exploit in Google Chrome – the second zero day patched so far this year.
Tracked as CVE-2022-1096, this High severity Type Confusion vulnerability was reported on 23rd March and a patch was released just 48 hours later. Google is aware that an exploit exists in the wild, hence the rapid response.
The vulnerability is fixed in Google Chrome 99.0.4844.84 on Windows, Mac and Linux. Other browsers that are based on Chromium will also need updating to fix this issued; Microsoft Edge fixes this issue in version 99.0.1150.55
Even with automatic updated turned on, you may need to nudge Chrome to update by checking its version number by clicking Settings -> About Chrome on Windows or Chrome -> About Chrome on Mac.
This is the second zero day vulnerability patched in Chrome this year. In February a use after free vulnerability (CVE-2022-0609) was patched after it was observed being used by a North Korean based attacker group.