
Google Releases Emergency Patch for Zero-Day

Date: March 28th, 2021

Risk: Critical

CVE: CVE-2022-1096

Affected Versions: Versions prior to 99.0.4844.84

Google has urged its 3 billion+ users to update to Chrome version 99.0.4844.84 for Mac, Windows, and Linux to mitigate a zero-day that is currently being exploited in the wild. This is in response to a bug reported by an anonymous security researcher last week.

The flaw, tracked as CVE-2022-1096, is a “Type Confusion in V8” and is rated high severity. Everyone using Chrome should update as quickly as possible because of the damage attackers could cause once they exploit it.

Not much is known about the vulnerability itself or how great the impact would be if exploited, but the unusual release of this patch, which notably addresses just one vulnerability, means that this update shouldn’t be ignored. Security research has also identified state-sponsored threat actors using browser vulnerabilities to establish footholds and initial infection within an environment.

Remediation

  • Update to Chrome Version 99.0.4844.84
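
To confirm the remediation across a fleet, the following added example (not part of the original advisory) classifies reported Chrome versions against the fixed build 99.0.4844.84. The tab-separated inventory format, the hostnames and the sample versions are assumptions constructed for illustration.

```python
import re

# Fixed build named in the advisory; anything lower is affected.
PATCHED = (99, 0, 4844, 84)

# Chrome version strings are four dot-separated integers.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Return 'vulnerable', 'patched', or 'unknown' for one reported version string."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # never treat unparseable data as safe
    # Tuple comparison is numeric per component, so 100.x > 99.x and .9 < .84.
    return "vulnerable" if v < PATCHED else "patched"


def audit(inventory_lines):
    """Map hostname -> status from 'hostname<TAB>version string' lines (assumed format)."""
    results = {}
    for line in inventory_lines:
        if not line.strip():
            continue
        host, _, reported = line.partition("\t")
        results[host.strip()] = classify(reported)
    return results


# Constructed sample inventory (hostnames and versions made up for the example).
SAMPLE_INVENTORY = [
    "ws-001\tGoogle Chrome 99.0.4844.84",
    "ws-002\tGoogle Chrome 99.0.4844.82",
    "ws-003\tGoogle Chrome 99.0.4844.9",
    "ws-004\tGoogle Chrome 100.0.4896.60",
    "ws-005\tGoogle Chrome 98.0.4758.102",
    "ws-006\tnot installed",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Comparing versions as plain strings would mark a 100.x build as older than 99.0.4844.84, which is why each component is compared numerically here.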