Google has issued an emergency security update for all Chrome users, revealing that attackers have uncovered and exploited a high-severity zero-day vulnerability. As it only addresses a single security problem, the emergency Chrome update to version 99.0.4844.84 is unusual than the previous updates.
Google acknowledged in a Chrome stable channel update statement on March 25 that it is aware that an attack for CVE-2022-1096 exists in the wild, and advised all Chrome users to update their browsers to the latest version right once.
What is CVE-2022-1096?
As of now, not much is known publicly about CVE-2022-1096 except that it is a “Type Confusion in V8”. This withholding of information is common in situations where a vulnerability is already being exploited by attackers. Google frequently withholds technical details until the update has been able to protect the vast majority of Chrome’s 3.2 billion users.
Vulnerability exists in Microsoft’s Edge
It is to be noted that Microsoft has confirmed that this vulnerability also exists in Edge, a Chromium-based browser. Edge has also been updated to protect users from the exploit and Users can verify their browser version by going to settings and then clicking on “about,” and if the version is 99.0.1150.55 or higher, it is no longer vulnerable to the CVE-2022-1096 vulnerability.
How can users apply for Google Chrome security patch?
Users can check their Chrome version number by going on the Chrome Menu and clicking to “Help,” then “About Google Chrome,” and if an update is available, it will begin downloading immediately. However, it may take a few days for everyone to receive the update. Furthermore, the users must restart their browsers after installing the update, to activate the new version.