Google releases an urgent Chrome update to patch an actively exploited zero-day vulnerability

Google released an out-of-band security update on Friday to fix a high-severity vulnerability in its Chrome browser that is being actively exploited in the wild, according to the company.

The zero-day vulnerability, identified as CVE-2022-1096, is a type confusion vulnerability in the V8 JavaScript engine. An anonymous researcher was credited with disclosing the problem on March 23, 2022.

Type confusion errors occur when a resource (e.g. a variable or an object) is accessed using a type that is incompatible with the one it was originally initialised with. In languages that are not memory safe, such as C and C++, this can have serious consequences, allowing a malicious actor to perform out-of-bounds memory access.

If the allocated buffer is smaller than the type that the function is attempting to access, it could read or write memory beyond the confines of the buffer, resulting in a crash and perhaps code execution, according to MITRE’s Common Weakness Enumeration (CWE).
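The pattern described above, as a minimal C illustration added here; it is not Chrome or V8 code and does not reflect how CVE-2022-1096 itself works. The object layout and all function names are constructed for the example, which puts the unchecked cast beside a tag-checked accessor.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed object model: every object starts with a type tag. */
enum kind { KIND_SMALL, KIND_LARGE };
struct header { enum kind kind; };
struct small  { struct header h; int value; };
struct large  { struct header h; int value; char buf[64]; };

static size_t size_of_kind(enum kind k) {
    return k == KIND_SMALL ? sizeof(struct small) : sizeof(struct large);
}

/* Allocate exactly as many bytes as the object's real type needs. */
struct header *make(enum kind k) {
    struct header *h = calloc(1, size_of_kind(k));
    if (h) h->kind = k;
    return h;
}

/* Vulnerable pattern: assumes the object is a struct large. If it is really
 * a struct small, buf[63] lies past the end of the allocation (CWE-843). */
void unchecked_set_last(struct header *h, char c) {
    ((struct large *)h)->buf[63] = c;
}

/* Hardened form: verify the tag before reinterpreting the memory. */
int checked_set_last(struct header *h, char c) {
    if (h == NULL || h->kind != KIND_LARGE) return -1;
    ((struct large *)h)->buf[63] = c;
    return 0;
}

/* Bytes beyond the allocation that treating h as `as` would expose. */
size_t overrun_bytes(const struct header *h, enum kind as) {
    size_t have = size_of_kind(h->kind), need = size_of_kind(as);
    return need > have ? need - have : 0;
}

int main(void) {
    struct header *s = make(KIND_SMALL);
    if (!s) return 1;
    printf("confused access would reach %zu bytes past the buffer\n",
           overrun_bytes(s, KIND_LARGE));
    printf("checked accessor returned %d\n", checked_set_last(s, 'A'));
    free(s);
    return 0;
}
```

`unchecked_set_last` is deliberately never called in `main`, since calling it on a `struct small` is undefined behaviour.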

The tech giant admitted that an exploit for CVE-2022-1096 exists in the wild. However, it declined to provide any details, in order to avoid further exploitation, until the bulk of customers have been updated with a remedy.

CVE-2022-1096 is Google’s second zero-day vulnerability in Chrome since the beginning of the year, the first being CVE-2022-0609, a use-after-free flaw in the Animation component that was patched on February 14, 2022.

Earlier last week, Google’s Threat Analysis Group (TAG) revealed details of a parallel effort orchestrated by North Korean nation-state organisations to target U.S.-based firms in the news media, IT, cryptocurrency and finance industries.

To avoid any potential dangers, Google Chrome users should update to the current version, 99.0.4844.84, for Windows, Mac and Linux. Users of Chromium-based browsers such as Microsoft Edge, Opera, and Vivaldi should also update as soon as the updates are released.

Arjun Gopireddy
Arjun is an Information Security Specialist, and his main role is to support our clients by identifying and advising on mitigating information security risks. Holding a Master’s degree in Cyber Security (UK) and Engineering Management (USA) his knowledge and skills are shared with our clients. Outside of work Arjun likes watching movies, travelling, playing cricket, football and doing adventurous things such as sky diving. He is the biggest fan of Yuvraj Singh – a former Indian international cricketer.