Chrome gets fix for serious vulnerability that is being actively exploited

Google released an emergency update to Chrome desktop users over the weekend that addresses a serious vulnerability that Google claims is currently being actively exploited. The vulnerability is also present in other Chromium browsers, including Microsoft Edge.

Update 99.0.4844.84 for Chrome is on the weekend pushed to desktop users. It’s highly unusual for Google to push an update to all users to address a single vulnerability. That shows the seriousness of the vulnerability. According to Google, this is a confusion-in-V8 bug, which affects the CVE code CVE-2022-1096 has gotten.

The bug type refers to a JavaScript engine used by Chrome. The company will not provide more details because the vulnerability is actively being exploited. The vulnerability was reported to Google on March 23 by an anonymous source. The V8 type confusion vulnerability generally leads to browser crashes, but can also be used to run arbitrary code. The vulnerability allows one to read and write memory beyond the limits of memory in programming languages ​​without memory protection, such as in C and C++.

According to Microsoft The vulnerability also affects other Chromium browsers, such as Edge. That is why Microsoft has also released an update for that browser: version 99.0.1150.55. Microsoft and Google do not say how the vulnerability was exploited in the wild. It is the second zero day that Google fixes this year with an emergency update. In February, a security update was also released for a “high-risk” bug. In early March, Google Chrome released version 99, which fixed 28 vulnerabilities.