Google has issued an emergency security update for all Chrome users as it confirms that attackers are already exploiting a high severity zero-day vulnerability.

The emergency update to version 99.0.4844.84 of Chrome is highly unusual in that it addresses just a single security vulnerability. A fact that only goes to emphasize how serious this one is.

In a Chrome stable channel update announcement, published March 25, Google confirms it "is aware that an exploit for CVE-2022-1096 exists in the wild."

All Chrome users are therefore advised to ensure their browsers are updated as a matter of urgency.

What is CVE-2022-1096?

Not much is known, at least publicly, at this stage about CVE-2022-1096 other than it is a "Type Confusion in V8." This refers to the JavaScript engine employed by Chrome. This holding back of detail is not unusual in such cases where a vulnerability is already being exploited by attackers. Google often will not reveal technical details until such a time as the update has been able to protect most of Chrome's 3.2 billion users.

How to apply the Google Chrome security patch now

Head for the Help|About option in your Google Chrome menu, and if the update is available, it will automatically start downloading.

No comments:

Post a Comment