Security News > 2022 > March > Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability
Google on Friday shipped an out-of-band security update to address a high severity vulnerability in its Chrome browser that it said is being actively exploited in the wild.
Tracked as CVE-2022-1096, the zero-day flaw relates to a type confusion vulnerability in the V8 JavaScript engine.
Type confusion errors, which arise when a resource is accessed using a type that's incompatible to what was originally initialized, could have serious consequences in languages that are not memory safe like C and C++, enabling a malicious actor to perform out-of-bounds memory access.
"When a memory buffer is accessed using the wrong type, it could read or write memory out of the bounds of the buffer, if the allocated buffer is smaller than the type that the code is attempting to access, leading to a crash and possibly code execution," MITRE's Common Weakness Enumeration explains.
CVE-2022-1096 is the second zero-day vulnerability addressed by Google in Chrome since the start of the year, the first being CVE-2022-0609, a use-after-free vulnerability in the Animation component that was patched on February 14, 2022.
Google Chrome users are highly recommended to update to the latest version 99.0.4844.84 for Windows, Mac, and Linux to mitigate any potential threats.
News URL
https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html
Related news
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971) (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability (source)
- Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)
- CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September (source)
- Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited (source)
- SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-23 | CVE-2022-1096 | Type Confusion vulnerability in Google Chrome Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-04-05 | CVE-2022-0609 | Use After Free vulnerability in Google Chrome Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |