At least 3.2 billion Chrome users could be at risk because of the high severity zero-day vulnerability.
Google released an emergency security update for Google Chrome Stable on 25th March 2022 to patch a high-severity zero-day security vulnerability in the web browser that is potentially exploited in the wild already.
The update was released for Chrome version 99.0.4844.84. Google claims that it is a highly unusual flaw that has been addressed as a single security vulnerability, which indicates how serious this one could be. In its update announcement, Google also confirmed the vulnerability tracked as CVE-2022-1096, stating that it was aware that an exploit was available for it.
Vulnerability Existing in Edge
Edge is a Chromium-based browser, and according to Google, the vulnerability exists in this browser. Hence, Edge was updated to prevent users from getting exploited. The company has urged users to update their browsers urgently, and if they are using browser version 99.0.1150.55 or above, they are not vulnerable to CVE-2-2022-1096.
For your information, Chromium supports several browsers apart from Edge, including Vivaldi and Brave. Therefore, we can expect more patches to come forth shortly.
About CVE-2022-1096
Google hasn’t disclosed many details about the vulnerability except that it is a “Type Confusion V8,” which refers to the JavaScript used by Chrome. The patch was released for the Stable Channel for the Chromium browser.
Google reported that the bug exploits an issue with variable types in the V8 JavaScript engine for Chrome. The company suspects that security researchers and malware authors are trying to exploit this vulnerability, putting 3.2 billion Chrome users at risk.
If a variable/memory location is accessed with the wrong type, it leads to a crash or the error memory out of bounds, allowing arbitrary code execution. This issue generally occurs in languages that aren’t considered type-safe, like JavaScript, C, and C++. That’s why web browsers are highly susceptible to exploitation.
How to Download the Patch?
The update is available for all compatible desktop systems. Google noted that it would automatically roll out updates for all devices in the coming days or weeks. This marks the second zero-day vulnerability Google patched this year in the Chrome browser.
The first was released in February 2022. Open the Chrome browser and select Menu > Help > About Google Chrome to download the patch. Or else you can type and load chrome://settings/help directly in the address bar.
More Chrome Security Topics
- Chrome on Android will alert, fix your compromised password
- New malware lures fake Chrome update to attack Windows PCs
- Malvertising attack distributes malicious Chrome extensions, backdoors
- Researcher release PoC exploit for 0-day in Chrome, Edge, Brave, Opera
- Urgent Chrome security update released to patch widely exploited 0-day
