Google releases emergency Chrome patch

Overview

Google has released an update for Chrome to address two high-severity vulnerabilities, including a type confusion vulnerability (CVE-2022-1364) that is being exploited in the wild.

Impact

A malicious website may be able to execute code on a host’s machine.

Affected Products

Any web browser that uses Chromium as its underlying browser platform. This includes MS Edge, Google Chrome, Brave, etc.

Vulnerability Detection

You can see which version of Chrome you are running in the ‘About’ tab of the settings page:

  • Navigate your browser to: chrome://settings/help
  • The most recent version as of 2022-04-15 is 100.0.4896.127.
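
An added example (not part of the original advisory) of running the same check across many hosts: it compares reported versions against the 100.0.4896.127 build numerically, because a plain string comparison ranks 99.x above 100.x. The inventory rows, hostnames, CSV layout and status labels are assumptions constructed for illustration.

```python
import re

# Fixed Chrome build stated in the advisory (latest as of 2022-04-15).
FIXED_CHROME = "100.0.4896.127"

# Constructed sample inventory: host, browser name, reported version.
SAMPLE_INVENTORY = """\
ws-001,Google Chrome,100.0.4896.127
ws-002,Google Chrome,100.0.4896.88
ws-003,Google Chrome,99.0.4844.84
ws-004,Microsoft Edge,100.0.1000.1
ws-005,Google Chrome,not installed
"""

VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(text):
    """Return a 4-tuple of ints for 'a.b.c.d', or None if malformed."""
    match = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in match.group(0).split(".")) if match else None


def classify(product, version):
    """Classify one inventory row against the advisory's fixed build."""
    parsed = parse_version(version)
    if parsed is None:
        return "unparsed"
    # The advisory only gives a fixed build for Google Chrome; other
    # Chromium-based browsers use their own version numbering.
    if product.strip().lower() != "google chrome":
        return "check-vendor"
    # Compare numerically: as strings, "99..." sorts after "100...".
    return "patched" if parsed >= parse_version(FIXED_CHROME) else "outdated"


def audit(inventory_text):
    """Map hostname -> status for every non-empty CSV line."""
    results = {}
    for line in filter(str.strip, inventory_text.splitlines()):
        host, product, version = (f.strip() for f in line.split(",", 2))
        results[host] = classify(product, version)
    return results


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Rows marked `check-vendor` need the fixed build from that browser's own release notes, since the advisory gives a version number for Chrome only.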

Containment, Mitigations & Remediations

If you’re running an older version, Chrome should update itself automatically on the next launch. The ‘About’ page can also be used to update manually; this requires a relaunch of the browser.

Other advice:

  • Don’t use administrative accounts to browse the internet.
  • Avoid clicking on suspicious links or browsing untrustworthy websites.
  • Apply the Principle of Least Privilege to all systems and services.

Indicators of Compromise

There are currently no IOCs provided for this exploit despite it having been seen in the wild.

Threat Landscape

Due to its widespread use under a variety of different names/brands, Chrome is a popular target for bug bounty hunters and malicious actors alike.

MITRE Methodologies

T1189 – Drive-by Compromise

Further Information

Stable Channel Update for Desktop