Chrome releases emergency update to fix CVE-2022-1096 that have been exploited in the wild

by do son · Published March 25, 2022 · Updated March 25, 2022

Google released a security bulletin to reveal the CVE-2022-1096 vulnerability, which is a major security threat to Type Confusion in V8. To ensure security, Google has released an emergency security update to fix this vulnerability, the corresponding version number is Google Chrome 99.0.4844.84.

The security vulnerability, numbered CVE-2022-0609, was submitted by an anonymous researcher, and the vulnerability was discovered on March 23.

According to Google, “Google is aware that an exploit for CVE-2022-1096 exists in the wild.” At present, it is only known that this vulnerability is a Type Confusion in V8. According to MITRE’s Common Weakness Enumeration, Type confusion errors arise when”The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.”

Based on security considerations, Google will only disclose the full details of the vulnerability after most users update. Often such vulnerabilities can be used to execute arbitrary code or escape the browser’s security sandbox, and interested researchers can wait for subsequent Google disclosures.

Users of Google Chrome can go to the About page of the settings, where they can see the current version number and can automatically check the latest version. If the user deploys the online installation package, it can be updated automatically. If the user deploys the offline installation package, the user needs to manually download the new version to upgrade.

Chrome releases emergency update to fix CVE-2022-1096 that have been exploited in the wild

Search

Brilliantly

Content & Links