Another Zero-Day flaw in the Chrome web browser for Windows, Macintosh, and Linux computers and Microsoft's Chromium-based Edge browser.
Google has released a fix to address this zero-day vulnerability (version 99.0.4844.84). Shortly after Google released Chrome 99.0.4844.84, Microsoft announced that it has updated its Chromium-based Edge browser to version 99.0.1150.55, to resolve CVE-2022-1096.
You can checked for new updates in Chrome by going into Chrome menu > Help > About Google Chrome. Most Chrome and Edge browser will auto-updated AND the update requires the browser to be restarted. Considering the disclosed vulnerability, you should update your Chrome browser to the latest version (at least 99.0.4844.84) or Microsoft Edge browser to the latest version (at least 99.0.1150.55) as soon as possible. These web browser will also auto-check for new updates and automatically install them after the next re-start or launch.
Double-check your browser is up-to-date
Chrome and Edge browsers will in many cases update to its newest version automatically.
However, we recommend you double-check if the update has been applied.
In Chrome, click on Settings then About Chrome
If an update is available, Chrome will show that here and then start the download process. When it's completed, it will ask to relaunch the browser to complete the update.
If the browser is up-to-date, it will say "Google Chrome is up to date" and list the version number. Make sure it's at least 99.0.4844.84
With this update, Google addressed the second Chrome zero-day since the start of 2022, the other one (tracked as CVE-2022-0609) patched last month.
(References: https://www.bleepingcomputer.com/news/security/emergency-google-chrome-update-fixes-zero-day-used-in-attacks; https://www.securityweek.com/google-issues-emergency-fix-chrome-zero-day; https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html )