Google releases emergency Chrome patch March 2022
Overview
Google has released an emergency update for Chrome to address a vulnerability (CVE-2022-1096) being exploited in the wild. The vulnerability is a type confusion bug in the V8 JavaScript engine.
Impact
A malicious website may be able to execute code on a host’s machine.
Vulnerability Detection
You can see which version of Chrome you’re running in the ‘About’ tab of the settings page.
Navigate your browser to chrome://settings/help. The most recent version as of 28/03/2022 is 99.0.4844.84.
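To check many machines at once, the same version comparison can be scripted. The following is an added example, not part of the original advisory; the host names and version strings in the sample inventory are constructed, and it handles Google Chrome's four-part version format only.

```python
import re

# Fixed build named in this advisory for CVE-2022-1096.
FIXED = "99.0.4844.84"

# Chrome versions are four dot-separated integers (MAJOR.MINOR.BUILD.PATCH).
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(version_text, fixed=FIXED):
    """True if at or above the fixed build, False if older, None if unparseable."""
    found = parse_version(version_text)
    if found is None:
        return None
    # Tuples compare numerically field by field, so 100.x sorts after 99.x
    # and .9 sorts before .84 (plain string comparison gets both wrong).
    return found >= parse_version(fixed)


def triage(inventory):
    """Map each host to 'patched', 'VULNERABLE' or 'unknown'."""
    labels = {True: "patched", False: "VULNERABLE", None: "unknown"}
    return {host: labels[is_patched(raw)] for host, raw in inventory.items()}


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = {
    "ws-001": "Google Chrome 99.0.4844.84",
    "ws-002": "Google Chrome 99.0.4844.82",
    "ws-003": "Google Chrome 99.0.4844.9",
    "ws-004": "Google Chrome 100.0.4896.60",
    "ws-005": "not installed",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check, since a missing or unparseable version string says nothing about patch status.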
Containment, Mitigations & Remediations
If you’re running an older version, Chrome should update itself automatically on the next launch. You can also update manually from the ‘About’ page; this requires a relaunch of the browser.
Other advice:
- Don’t use administrative accounts to browse the internet.
- Avoid clicking on suspicious links or browsing untrustworthy websites.
- Apply the Principle of Least Privilege to all systems and services.
Indicators of Compromise
Google is withholding details of the exploit until enough users of its products have had time to update their systems.
Threat Landscape
Google Chrome has grown in popularity over the years and Chromium is the base of a number of other browsers including Brave and Microsoft Edge. A zero-day exploit is therefore of significant value and interest to malicious individuals.
MITRE Methodologies
T1189 – Drive-by Compromise