Google has issued an emergency security update for all Chrome users as it confirms that attackers are already exploiting a high severity zero-day vulnerability.
The emergency update to version 99.0.4844.84 of Chrome is highly unusual in that it addresses just a single security vulnerability. A fact that only goes to emphasize how serious this one is.
In a Chrome stable channel update announcement, published March 25, Google confirms it “is aware that an exploit for CVE-2022-1096 exists in the wild.”
All Chrome users are therefore advised to ensure their browsers are updated as a matter of urgency.
MORE FROM FORBESWhy You Must Factory Reset Everything: A Privacy 101 For 2022By Davey Winder
What is CVE-2022-1096?
Not much is known, at least publicly, at this stage about CVE-2022-1096 other than it is a “Type Confusion in V8.” This refers to the JavaScript engine employed by Chrome. This holding back of detail is not unusual in such cases where a vulnerability is already being exploited by attackers. Google often will not reveal technical details until such a time as the update has been able to protect most of Chrome’s 3.2 billion users.
Update March 28: Microsoft has now confirmed that this vulnerability exists in Edge, which is a Chromium-based browser. Edge has also been updated to protect users against the in-the-wild exploit. Go to settings about and if your browser version is 99.0.1150.55 or higher, it is no longer vulnerable to the CVE-2022-1096 issue. Chromium powers a whole bunch of browsers, including Brave and Vivaldi, and so I’d expect a lot of security fixes to be forthcoming.