Google has released an emergency security update for all Chrome users because it has confirmed that attackers are already taking advantage of a high-severity zero-day vulnerability.
Chrome’s emergency update to version 99.0.4844.84 is very unusual because it only fixes one security hole. Another thing that shows how serious this one is
In a March 25 announcement about a Chrome stable channel update, Google says, “We are aware that an exploit for CVE-2022-1096 is out there in the wild.”
So, everyone who uses Chrome should make sure their browsers are updated as soon as possible.
CVE-2022-1096 is what?
Not much is known, at least publicly, at this stage about CVE-2022-1096 other than it is a “Type Confusion in V8.” This is a reference to the JavaScript engine that Chrome uses. This kind of withholding of information is common when attackers are already taking advantage of a weakness. Google usually doesn’t share technical details until most of Chrome’s 3.2 billion users have been protected by the update.
Update: As of March 28, Microsoft has confirmed that this vulnerability exists in Edge, which is a Chromium-based browser. Users of Edge have also been protected from the in-the-wild exploit by a new version. If you go to settings|about and your browser version is 99.0.1150.55 or higher, it is no longer vulnerable to the CVE-2022-1096 issue. A lot of browsers, like Brave and Vivaldi, are based on Chromium, so I’d expect a lot of security fixes to come out soon.
READ MORE ARTICLES;
