Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability


Google on Friday shipped an out-of-band security update to address a high severity vulnerability in its Chrome browser that it said is being actively exploited in the wild.

Tracked as CVE-2022-1096, the zero-day flaw relates to a type confusion vulnerability in the V8 JavaScript engine. An anonymous researcher has been credited with reporting the bug on March 23, 2022.

Type confusion errors, which arise when a resource (e.g., a variable or an object) is accessed using a type that’s incompatible with what was originally initialized, could have serious consequences in languages that are not memory safe, such as C and C++, enabling a malicious actor to perform out-of-bounds memory access.


The tech giant acknowledged it’s “aware that an exploit for CVE-2022-1096 exists in the wild,” but stopped short of sharing additional specifics so as to prevent further exploitation until a majority of users are updated with a fix.

CVE-2022-1096 is the second zero-day vulnerability addressed by Google in Chrome since the start of the year, the first being CVE-2022-0609, a use-after-free vulnerability in the Animation component that was patched on February 14, 2022.

Earlier this week, Google’s Threat Analysis Group (TAG) disclosed details of a twin campaign staged by North Korean nation-state groups that weaponized CVE-2022-0609 to strike U.S.-based organizations spanning news media, IT, cryptocurrency, and fintech industries.

Google Chrome users are strongly advised to update to the latest version, 99.0.4844.84.

