Google releases emergency Chrome patch

Overview

Google has released an emergency update for Chrome to address a vulnerability (CVE-2022-1096) being exploited in the wild. The vulnerability is a type confusion bug in the V8 JavaScript engine.

Impact

A malicious website may be able to execute code on a host’s machine.

Vulnerability Detection

You can see which version of Chrome you’re running in the ‘About’ tab of the settings page.

Navigate your browser to chrome://settings/help. The most recent version as of 28/03/2022 is 99.0.4844.84.

Containment, Mitigations & Remediations

If you’re running an older version, Chrome should update itself automatically on the next launch. The ‘About’ page can also be used to update manually; this requires a relaunch of the browser.

Other advice:

  • Don’t use administrative accounts to browse the internet
  • Avoid clicking on suspicious links or browsing untrustworthy websites
  • Apply the Principle of Least Privilege to all systems and services

Indicators of Compromise

Google are remaining tight-lipped around the exploit until sufficient users of their products have had time to update their systems.

Threat Landscape

Google Chrome has grown in popularity over the years and Chromium is the base of a number of other browsers including Brave and Microsoft Edge. A zero-day exploit is therefore of significant value and interest to malicious individuals.

MITRE Methodologies

T1189 – Drive-by Compromise

Further Information

Stable Channel Update for Desktop