You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Exploit Available for Chrome and Edge V8 Type Confusion Vulnerability in the Wild
Key Details
CVE-2022-1096
Affected Products – (Chromium Browsers) Google Chrome, Microsoft Edge
Disclosure Date – 26th March 2022
CVSS Score – N/A
Exploit Released - Yes
Patch Available – Yes
Summary
Google have warned of a critical vulnerability for Chromium browsers that has an exploit available in the wild, and thus are urging users of the browsers on
Windows, macOS and Linux to update as soon as possible. The vulnerability in question is CVE-2022-1096 which is a type confusion vulnerability found in Chromes
V8 JavaScript engine, and was reported by an anonymous user on 23/03/2022. Google are expected to remain silent on the technical details of the vulnerability
until the vast majority of users have installed stable channel 99.0.4844.84 for Chrome or 99.0.1150.55 for Edge.
Mitigation
Windows, macOS, and Linux users to update Chrome builds to version 99.0.4844.84 and/or Edge version 99.0.1150.55. Google will be pushing these patches out
automatically over the coming weeks, but those wishing to patch immediately can manually do so by following the instructions on the following links:
NCC Group will continue to track this vulnerability and will update this alert with any critical developments and any emerging IoC’s will be identified and added to our Threat Intelligence Platform for monitoring.