On Friday, Google released an out-of-band security update to address a highly critical vulnerability in the Chrome browser which they consider to be actively exploited.
Type confusion, which arises when a resource (for example, a variable or an object) is accessed using a type that is incompatible with what was initially initialized, which can have serious consequences. in memory-unsafe languages such as C and C++, creating malicious conditions to perform out-of-bounds memory access.
“When a memory buffer is accessed using the wrong type, it may read or write memory out of the buffer’s bounds, if the allocated buffer is smaller than the type the code is trying to access, resulting in to the problem and possibly an error. implementation,” explains MITER’s Common Weakness Enumeration (CWE).
The tech giant admitted that it “knows that CVE-2022-1096 exists in the wild,” but has stopped sharing additional specifics to prevent further exploits and until the Large users are updated with bug fixes.
CVE-2022-1096 is the second zero-day vulnerability addressed by Google on Chrome since the beginning of the year, the first being CVE-2022-0609, a free-to-use after-use vulnerability in the Animation component was patched on Feb 14, 2022.
Earlier this week, Google’s Threat Analysis Team (TAG) revealed details of a twin campaign organized by North Korean state-state groups to weaponize the vulnerability to attack North Korean organizations. US-based organizations covering the news media, IT, crypto and fintech industries.
User Google Chrome Updating to the latest version 99.0.4844.84 for Windows, Mac and Linux is recommended to mitigate any potential threats. Users of Chromium-based browsers such as Microsoft Edge, Opera, and Vivaldi are also advised to apply fixes as they become available.