If you haven’t updated your Chrome browser to version 99.0.4844.84, you should do it immediately. If you don’t, you are risking your security, as Google recently reported a new vulnerability in Chrome. The vulnerability in question has been described as “Chromium: CVE-2022-1096 Type Confusion in V8”.
Chromium: CVE-2022-1096 Type Confusion in V8
According to Microsoft’s advisory, the CVE-2022-1096 identifier was assigned by Chrome. It should be noted that Microsoft Edge is Chromium-based and ingests Chromium, which addresses this vulnerability. Also note that immediate patching is required, as Google is aware of an active exploit based on the flaw.
The technical details surrounding the issue are scarce and won’t be released to the public until a majority of users have updated their browsers. The browser maker will also retain restrictions, if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.
In February, Chrome was impacted by another zero-day, CVE-2022-0609. Upon disclosure, Google described it as a user after free in Animation bug, which has a high-severity score. The vulnerability was discovered by Clément Lecigne from Google’s Threat Analysis Group.
Another example of a use-after-free Chrome zero-day exploited in the wild is CVE-2021-37973. The bug resided in the Portals API, which is a web page navigation system that helps in page transitions, or what users see when they move between pages. This bug was also disclosed by Clément Lecigne.