
URL: https://amp.thehackernews.com/thn/2022/03/google-issues-urgent-chrome-update-to.html
Submission Tags: falconsandbox
Submission: On May 11 via api from US — Scanned from DE

GOOGLE ISSUES URGENT CHROME UPDATE TO PATCH ACTIVELY EXPLOITED ZERO-DAY
VULNERABILITY

By Ravie Lakshmanan • 25 Mar, 2022


Google on Friday shipped an out-of-band security update to address a high
severity vulnerability in its Chrome browser that it said is being actively
exploited in the wild.

Tracked as CVE-2022-1096, the zero-day flaw relates to a type confusion
vulnerability in the V8 JavaScript engine. An anonymous researcher has been
credited with reporting the bug on March 23, 2022.

Type confusion errors, which arise when a resource (e.g., a variable or an
object) is accessed using a type that's incompatible with the type it was
originally initialized as, could have serious consequences in languages that
are not memory safe, like C and C++, enabling a malicious actor to perform
out-of-bounds memory access.



"When a memory buffer is accessed using the wrong type, it could read or write
memory out of the bounds of the buffer, if the allocated buffer is smaller than
the type that the code is attempting to access, leading to a crash and possibly
code execution," MITRE's Common Weakness Enumeration (CWE) explains.

The tech giant acknowledged it's "aware that an exploit for CVE-2022-1096 exists
in the wild," but stopped short of sharing additional specifics, so as to prevent
further exploitation until a majority of users are updated with a fix.

CVE-2022-1096 is the second zero-day vulnerability addressed by Google in Chrome
since the start of the year, the first being CVE-2022-0609, a use-after-free
vulnerability in the Animation component that was patched on February 14, 2022.



Earlier this week, Google's Threat Analysis Group (TAG) disclosed details of a
twin campaign staged by North Korean nation-state groups that weaponized the
earlier flaw, CVE-2022-0609, to strike U.S.-based organizations spanning the
news media, IT, cryptocurrency, and fintech industries.

Google Chrome users are strongly advised to update to the latest version,
99.0.4844.84 for Windows, Mac, and Linux, to mitigate any potential threats.
Users of Chromium-based browsers such as Microsoft Edge, Opera, and Vivaldi are
also advised to apply the fixes as and when they become available.
