On Friday, March 25, 2022, Google released an out-of-cycle emergency update for Chrome after the browser experienced a zero-day attack. The update fixes a high-severity vulnerability in the Chrome V8 JavaScript engine, tracked as CVE-2022-1096.
What Happened
Google Chrome experienced a zero-day attack (a zero-day attack is when a threat actor exploits a vulnerability before software developers can find a fix). The attack was reported to Google by an anonymous security researcher, and Google acknowledges that the vulnerability is being actively exploited in the wild.
What Kind of Zero-Day Attack Was It?
This was a type-confusion attack. According to MITRE’s Common Weakness Enumeration (CWE), when a program accesses a resource using an incompatible type, this could trigger logical errors because the resource does not have the expected properties. In languages without memory safety, such as C and C++, type confusion can lead to out-of-bounds memory access. If the allocated memory buffer is smaller than the type that the code is attempting to access, that could lead to a crash and possibly code execution.
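The size mismatch described above can be shown in a few lines of C. This is an added example, not code from Google, Chrome or V8: the types small_t and large_t and the helpers new_object, as_large and read_extra are hypothetical. It shows the unchecked cast only as a comment, next to a checked downcast that refuses an object whose recorded type or allocation size does not match.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical types for illustration (not V8 code). Each object starts with a header. */
typedef enum { KIND_SMALL = 1, KIND_LARGE = 2 } kind_t;
typedef struct { kind_t kind; size_t size; } header_t;
typedef struct { header_t hdr; int value; } small_t;
typedef struct { header_t hdr; int value; long extra[8]; } large_t;

/* Allocate an object and stamp the header with what it really is. */
static header_t *new_object(kind_t kind) {
    size_t size = (kind == KIND_LARGE) ? sizeof(large_t) : sizeof(small_t);
    header_t *h = calloc(1, size);
    if (h != NULL) { h->kind = kind; h->size = size; }
    return h;
}

/* Unsafe pattern (CWE-843): `(large_t *)h` with no check. If h is really a
 * small_t, reading ->extra[] goes past the end of the smaller allocation. */

/* Checked downcast: refuse unless the tag and the allocation size match. */
static large_t *as_large(header_t *h) {
    if (h == NULL || h->kind != KIND_LARGE || h->size < sizeof(large_t))
        return NULL;
    return (large_t *)h;
}

/* Read extra[i] only through the checked cast and with a bounds check.
 * Returns 0 on success, -1 when the object is the wrong type or i is bad. */
static int read_extra(header_t *h, size_t i, long *out) {
    large_t *l = as_large(h);
    if (l == NULL || i >= sizeof(l->extra) / sizeof(l->extra[0]))
        return -1;
    *out = l->extra[i];
    return 0;
}

int main(void) {
    header_t *s = new_object(KIND_SMALL), *l = new_object(KIND_LARGE);
    long v = 0;
    if (s == NULL || l == NULL) return 1;
    printf("small as large: %d\n", read_extra(s, 3, &v));  /* rejected */
    printf("large as large: %d\n", read_extra(l, 3, &v));  /* accepted */
    free(s); free(l);
    return 0;
}
```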
Google’s Response
Google released its updated version of Chrome, 99.0.4844.84, which is rolling out worldwide. Google estimates it will only be a matter of weeks before the rollout is complete. It is worth noting that Google rarely ships an update that addresses only a single security issue, which emphasizes the severity of this one. Because this zero-day is known to have been used by attackers in the wild, it is strongly recommended that all Chrome users install today’s Google Chrome update as soon as possible.
Conclusion
If you are a default Google Chrome user like myself, please do yourself the favour of updating your browser, and not only Google Chrome but also the other web browsers on your computer and mobile phones. Remember… Hackers are trackers!
Nice information, dear. Thanks for sharing.
Thank you so much Ayomi. I am glad this was helpful.