Google has released an update for Chrome to address two high-severity vulnerabilities, including a type confusion vulnerability (CVE-2022-1364) that is being exploited in the wild.
A malicious website may be able to execute code on a host’s machine.
Any web browser that uses Chromium as its underlying browser platform is affected. This includes MS Edge, Google Chrome, Brave, etc.
You can see which version of Chrome you are running in the ‘About’ tab of the settings page:
- Navigate your browser to:
- The most recent version as of 2022-04-15 is 100.0.4896.127.
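For checking more than one machine, the version comparison can be scripted. The following is an added example, not part of the original advisory: it classifies reported version strings against the 100.0.4896.127 build given above. The hostnames and inventory strings are constructed, and the threshold applies only to Google Chrome version strings, since other Chromium-based browsers use their own build numbering.

```python
import re

# Fixed Google Chrome build stated in this advisory (as of 2022-04-15).
PATCHED = (100, 0, 4896, 127)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(reported):
    """Classify one reported version string as 'patched', 'outdated' or 'unknown'."""
    version = parse_version(reported)
    if version is None:
        return "unknown"  # unparseable: needs a manual check, not a pass
    # Tuples compare numerically, so 88 < 127 and 99 < 100. Plain string
    # comparison gets both of those wrong.
    return "patched" if version >= PATCHED else "outdated"


def audit(inventory):
    """Map each hostname to its classification."""
    return {host: classify(reported) for host, reported in inventory.items()}


# Constructed sample inventory (hypothetical hostnames and version strings).
SAMPLE_INVENTORY = {
    "ws-001": "Google Chrome 100.0.4896.127",
    "ws-002": "Google Chrome 100.0.4896.88",
    "ws-003": "99.0.4844.84",
    "ws-004": "Google Chrome 101.0.4951.41",
    "ws-005": "not installed",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```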
Containment, Mitigations & Remediations
If you’re running an older version, Chrome should update itself automatically on the next launch. The ‘About’ page can also be used to update manually; this requires a relaunch of the browser.
- Don’t use administrative accounts to browse the internet
- Avoid clicking on suspicious links or browsing untrustworthy websites
- Apply the Principle of Least Privilege to all systems and services
Indicators of Compromise
There are currently no IOCs provided for this exploit despite it having been seen in the wild.
Due to its widespread use under a variety of different names/brands, Chrome is a popular target for bug bounty hunters and malicious actors alike.
T1189 – Drive-by Compromise