Urgent update released to fix a Chrome zero-day vulnerability confirmed to have been exploited



On March 25, 2022, the desktop version of Google Chrome, the browser developed by Google, received an urgent update, and the latest stable version, 99.0.4844.84, was released. This emergency update fixes the newly discovered zero-day vulnerability CVE-2022-1096 in Chrome, and Google reports that it has confirmed cases in which CVE-2022-1096 was actually exploited.

Chrome Releases: Stable Channel Update for Desktop
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html



Emergency Google Chrome update fixes zero-day used in attacks
https://www.bleepingcomputer.com/news/security/emergency-google-chrome-update-fixes-zero-day-used-in-attacks/

On March 25th, Google released the latest stable version of Chrome '99.0.4844.84' for Windows, Mac and Linux users. Google states that this update contains a security fix for the newly discovered zero-day vulnerability 'CVE-2022-1096'.

CVE-2022-1096, reported by an anonymous security researcher, is a type confusion vulnerability in V8, the JavaScript engine developed by Google, and its severity is rated 'High', the second of the four severity levels. Bleeping Computer, a tech media outlet, points out that exploiting type confusion can not only crash the browser but can also allow an attacker to execute arbitrary code.

Since V8 is used in Chromium, the code base that several browsers are built on, this vulnerability affects not only Chrome but also other Chromium-based browsers such as Microsoft Edge. In response, Microsoft has also released version 99.0.1150.55, which fixes the vulnerability.
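A patch-level check built on the two fixed versions named above, as an added example that is not from Google, Microsoft or the original article. The input format (one `--version` style string per host) and the host names are assumptions, and the sample lines are constructed.

```python
import re

# Fixed versions stated in the article for CVE-2022-1096.
FIXED = {
    "chrome": (99, 0, 4844, 84),
    "edge": (99, 0, 1150, 55),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_inventory_line(line):
    """Return (product, version_tuple) from a '--version' style string, or None."""
    m = VERSION_RE.search(line)
    if not m:
        return None
    lowered = line.lower()
    if "edge" in lowered:
        product = "edge"
    elif "chrome" in lowered:
        product = "chrome"
    else:
        return None  # other Chromium builds: the article gives no fixed version
    return product, tuple(int(p) for p in m.groups())


def is_patched(line):
    """True/False for a recognised browser, None when the line cannot be judged."""
    parsed = parse_inventory_line(line)
    if parsed is None:
        return None
    product, version = parsed
    # Compare numerically, component by component: as strings, "100..." < "99...".
    return version >= FIXED[product]


# Constructed sample inventory lines (not real telemetry).
SAMPLE = [
    "host-a Google Chrome 99.0.4844.82",
    "host-b Google Chrome 99.0.4844.84",
    "host-c Microsoft Edge 99.0.1150.46",
    "host-d Microsoft Edge 100.0.1185.29",
    "host-e Chromium 99.0.4844.82",
    "host-f Google Chrome (version unknown)",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        status = {True: "patched", False: "VULNERABLE", None: "unknown"}[is_patched(entry)]
        print(f"{entry:45} {status}")
```

Hosts reported as unknown need a manual look, since the article gives fixed versions only for Chrome and Edge.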



Google has confirmed an attack case that exploited CVE-2022-1096, but says, "Bug details and access to links may continue to be restricted until the majority of users update the fix. We do not share any technical or additional information about the attack."

Bleeping Computer, a tech media outlet, says Google is delaying sharing information about the vulnerability to give Chrome users time to update and to prevent attacks that exploit it. Chrome version 99.0.4844.84, which fixes CVE-2022-1096, is scheduled to be rolled out over the next few days to weeks.

In addition, Google reported on March 24 that a Chrome vulnerability called 'CVE-2022-0609' was being exploited by a hacker supported by North Korea.

North Korean hacker group found to be exploiting Chrome's zero-day vulnerability 'CVE-2022-0609' - GIGAZINE



in Software,   Web Service,   Security, Posted by log1h_ik