Story Highlights
- Google released an emergency security update for Google Chrome Stable on 25th March 2022
- The update was released for Chrome version 99.0.4844.84.
- At least 3.2 billion Chrome users could be at risk because of the high severity zero-day vulnerability.
- All Chrome users are advised to ensure that their browsers are updated as soon as possible
Google released an emergency security update for Google Chrome Stable on 25th March 2022 to patch a high-severity zero-day security vulnerability in the web browser that may already be exploited in the wild.
The update was released for Chrome version 99.0.4844.84. Google claims that it is a highly unusual flaw that has been addressed as a single security vulnerability, which indicates how serious this one could be. In its update announcement, Google also confirmed the vulnerability tracked as CVE-2022-1096, stating that it was aware that an exploit was available for it.
All Chrome users are therefore advised to ensure that their browsers are updated as soon as possible. Google has disclosed little about the flaw other than that it is referred to as a Type Confusion in V8. This nods to the JavaScript engine employed by Chrome. The lack of detail is not surprising as the flaw is already being exploited by attackers. Google will likely reveal technical details once an update protects most of the company’s users.
Vulnerability exists in this browser
Edge is a Chromium-based browser, and according to Google, the vulnerability exists in this browser. Hence, Edge was updated to prevent users from getting exploited. The company has urged users to update their browsers urgently; users running browser version 99.0.1150.55 or above are not vulnerable to CVE-2022-1096.
Know about CVE-2022-1096
Google hasn’t disclosed many details about the vulnerability except that it is a “Type Confusion in V8,” which refers to the JavaScript engine used by Chrome. The patch was released for the Stable Channel for the Chromium browser.
Google reported that the bug involves an issue with variable types in the V8 JavaScript engine for Chrome. The company suspects that security researchers and malware authors are trying to exploit this vulnerability, putting 3.2 billion Chrome users at risk.
If a variable or memory location is accessed with the wrong type, the result can be a crash or an out-of-bounds memory access, which can allow arbitrary code execution. This issue generally occurs in languages that aren’t considered type-safe, like JavaScript, C, and C++. That’s why web browsers are highly susceptible to exploitation.
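The wrong-type access described above, as an added example (not code from Chrome, V8, or the original article): a constructed tagged value in C, with an accessor that skips the type check beside one that enforces it. All names (`Value`, `string_len_unchecked`, `string_len_checked`, `copy_string_checked`) are hypothetical, and the layout is a simplification, not V8's.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A dynamically typed value, as a scripting engine might store it (constructed). */
typedef enum { TAG_NUMBER, TAG_STRING } Tag;

typedef struct {
    Tag tag;
    union {
        double number;                                  /* valid when tag == TAG_NUMBER */
        struct { uint64_t len; const char *data; } str; /* valid when tag == TAG_STRING */
    } as;
} Value;

/* Vulnerable pattern: assumes the value is a string and never checks the tag.
   For a number, the bytes of the double are reinterpreted as a length. */
uint64_t string_len_unchecked(const Value *v) {
    return v->as.str.len;
}

/* Hardened pattern: verify the runtime type before touching type-specific
   fields. Returns 0 on success, -1 if the value is not a string. */
int string_len_checked(const Value *v, uint64_t *out) {
    if (v->tag != TAG_STRING) return -1;
    *out = v->as.str.len;
    return 0;
}

/* Copy a string value into dst only if its type and length are both valid. */
int copy_string_checked(const Value *v, char *dst, size_t cap) {
    uint64_t len;
    if (string_len_checked(v, &len) != 0 || len >= cap) return -1;
    memcpy(dst, v->as.str.data, (size_t)len);
    dst[len] = '\0';
    return 0;
}

int main(void) {
    Value num = { .tag = TAG_NUMBER, .as.number = 1.0 };
    Value str = { .tag = TAG_STRING, .as.str = { 5, "hello" } };
    char buf[16];
    printf("confused length: %llu\n", (unsigned long long)string_len_unchecked(&num));
    printf("checked on number: %d\n", copy_string_checked(&num, buf, sizeof buf));
    printf("checked on string: %d (%s)\n", copy_string_checked(&str, buf, sizeof buf), buf);
    return 0;
}
```

With an IEEE 754 double, the number 1.0 read through the string view yields a "length" of 0x3FF0000000000000, far beyond any real buffer, which is how a single missing type check turns into an out-of-bounds access.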
Download the Patch
The update is available for all compatible desktop systems. Google noted that it would automatically roll out updates for all devices in the coming days or weeks. This marks the second zero-day vulnerability Google patched this year in the Chrome browser. The first was patched in February 2022.
To download the patch, open the Chrome browser and select Menu > Help > About Google Chrome. Alternatively, type chrome://settings/help directly in the address bar and load it.