Google releases patch for actively exploited zero-day
Government entities, critical national infrastructure, high-risk/value individuals.
The impact of a successful exploit has not been made public and will not be until users and developers have had sufficient time to patch their systems and/or update their own projects that may also be affected.
Navigate within Chrome to Help > About Google Chrome. The latest version that includes this patch is 112.0.5615.121. It is not known which versions below this are impacted.
– Google Chrome
Containment, Mitigations & Remediations
There are no workarounds that address these vulnerabilities. As such, it is strongly recommended that users upgrade the affected products to version 112.0.5615.121.
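For fleets where checking Help > About Google Chrome on each machine is impractical, the following added example (not part of the original advisory) triages an inventory export against the patched build. The `<hostname>,<version string>` line format and the host names are assumptions made for illustration; the version strings mimic what `google-chrome --version` prints.

```python
import re

# Patched build named in this advisory.
PATCHED = (112, 0, 5615, 121)

# Matches a four-part Chrome version anywhere in a string.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the four-part version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def triage(inventory_lines):
    """Sort hosts into 'patched', 'needs_update' and 'unknown' lists.

    Each line is '<hostname>,<version string>' (assumed format).
    Versions are compared as integer tuples: a plain string comparison
    would wrongly rank '99.0.4844.84' above '112.0.5615.121'.
    """
    result = {"patched": [], "needs_update": [], "unknown": []}
    for line in inventory_lines:
        host, _, raw = line.strip().partition(",")
        version = parse_version(raw)
        if version is None:
            result["unknown"].append(host)  # no parsable version: check by hand
        elif version >= PATCHED:
            result["patched"].append(host)
        else:
            result["needs_update"].append(host)
    return result


# Constructed sample inventory (not real hosts).
SAMPLE = [
    "ws-001,Google Chrome 112.0.5615.121",
    "ws-002,Google Chrome 112.0.5615.49",
    "ws-003,Google Chrome 99.0.4844.84",
    "ws-004,Google Chrome 113.0.5672.24 beta",
    "ws-005,not installed",
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Because it is not known which earlier versions are impacted, every build below the patched one is listed under `needs_update` rather than being labelled vulnerable.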
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available at this time.
Google Chrome holds a significant portion of the web browser market and is based on Chromium, an open-source browser that is also the foundation of other web browsers such as Microsoft Edge, Brave and Opera. Other Chromium-based browsers may therefore be susceptible to this exploit and may release their own updates in the coming days. The discovery was made by Google's Threat Analysis Group (TAG), which works to counter government-backed hacking and attacks against Google and users of its products and services.
No attribution to specific threat actors or groups has been identified at the time of writing.
TA0001 – Initial Access
T1176 – Browser Extensions
TA0009 – Collection
Google Update Channel