Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

Google released an out-of-band security update on Friday to address a high-severity vulnerability in its Chrome browser that it says is being actively exploited in the wild.

Tracked as CVE-2022-1096, the zero-day flaw is related to a type confusion vulnerability in the V8 JavaScript engine. An anonymous researcher was credited with reporting the bug on March 23, 2022.

Type confusion errors, which occur when a resource (e.g. a variable or an object) is accessed using a type incompatible with the one it was originally initialized with, can have serious consequences in languages that are not memory-safe, like C and C++, allowing a malicious actor to perform out-of-bounds memory access.

“When a memory buffer is accessed using the wrong type, it may read or write memory outside the bounds of the buffer, if the allocated buffer is smaller than the type the code is trying to access, resulting in a crash and possibly code execution,” says MITRE’s Common Weakness Enumeration (CWE).

The tech giant acknowledged that it was “aware that an exploit for CVE-2022-1096 exists in the wild,” but refrained from sharing additional details, to prevent further exploitation and until a majority of users are updated with a patch.

CVE-2022-1096 is the second zero-day vulnerability patched by Google in Chrome since the start of the year, the first being CVE-2022-0609, a use-after-free vulnerability in the Animation component that was patched on February 14, 2022.

Earlier this week, Google’s Threat Analysis Group (TAG) disclosed details of a dual campaign by North Korean nation-state groups that weaponized the flaw to strike U.S.-based organizations spanning the news media, IT, cryptocurrency and fintech sectors.

Google Chrome users are strongly recommended to update to the latest version, 99.0.4844.84 for Windows, Mac and Linux, to mitigate any potential threats. Users of Chromium-based browsers such as Microsoft Edge, Opera, and Vivaldi are also advised to apply patches as they become available.
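
For administrators checking a fleet against the fixed build, the following added example (not part of the original article or any Google tooling) flags hosts whose reported Chrome version is below 99.0.4844.84. The host names and the sample inventory are constructed, and the check applies to Google Chrome's own version numbering only, not to other Chromium-based browsers.

```python
import re

# Fixed Chrome build named in the article (Windows, Mac and Linux).
PATCHED = (99, 0, 4844, 84)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version from text such as the output of
    `google-chrome --version`; return a tuple of ints, or None if absent."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(text, minimum=PATCHED):
    """True if the version in `text` is at or above the fixed build.
    Components are compared as integers: a plain string comparison
    would rank "100.0.4896.60" below "99.0.4844.84"."""
    version = parse_version(text)
    if version is None:
        raise ValueError(f"no Chrome version found in {text!r}")
    return version >= minimum


def audit(inventory):
    """Return (outdated hosts, hosts with unreadable version) from {host: text}."""
    outdated, unknown = [], []
    for host, text in sorted(inventory.items()):
        try:
            if not is_patched(text):
                outdated.append(host)
        except ValueError:
            unknown.append(host)
    return outdated, unknown


# Constructed sample inventory (hypothetical host names and collected output).
SAMPLE = {
    "ws-01": "Google Chrome 99.0.4844.84 ",
    "ws-02": "Google Chrome 99.0.4844.82 ",
    "ws-03": "Google Chrome 100.0.4896.60 ",
    "ws-04": "Google Chrome 98.0.4758.102 ",
    "ws-05": "command not found",
}

if __name__ == "__main__":
    outdated, unknown = audit(SAMPLE)
    print("needs update:", outdated)
    print("version unknown:", unknown)
```

Hosts in the second list should be treated as unverified rather than as patched.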
