Google Chrome Releases Fix to Address Zero-day Vulnerability – CVE-2022-1096

Google has released an emergency update to address a high-severity zero-day vulnerability – CVE-2022-109). The vulnerability, reported by an anonymous security researcher, is said to be exploited in the wild.
 
This zero-day vulnerability is a type-confusion flaw in the Chrome V8 JavaScript engine. A type-confusion error arises when a resource (e.g., a variable or an object) is accessed using an incompatible type.  
 
While type-confusion flaws typically result in browser crashes when successfully exploited by reading or writing memory outside of buffer bounds, they can also be used to execute arbitrary code. 
  
Even though Google stated that it had detected attacks in the wild leveraging this zero-day, the corporation did not provide technical details or information about these instances. 
 
CVE-2022-1096 is the second Chrome zero-day addressed by Google this year. 
 
CVE-2022-0609 was the first zero-day patched in February by Google.  
 
Affected versions  
All the Google Chrome versions prior to 99.0.4844.84 are affected by this vulnerability. 
 
Mitigation  
Customers are advised to upgrade to the latest Chrome version 99.0.4844.84. For more information, please refer to the Google Chrome security page 
 
Qualys Detection  
Qualys customers can scan their devices with QID 376499 to detect vulnerable assets.  
  
Please continue to follow Qualys Threat Protection for more coverage on the latest vulnerabilities.  
  
References 
https://sites.google.com/a/chromium.org/dev/Home/chromium-security  
https://www.securityweek.com/google-issues-emergency-fix-chrome-zero-day 
https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html   
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html  
https://www.bleepingcomputer.com/news/security/emergency-google-chrome-update-fixes-zero-day-used-in-attacks/  

Leave a Reply

Your email address will not be published. Required fields are marked *