Google releases emergency Chrome patch
Overview
Google has released an update for Chrome to address two high-severity vulnerabilities, including a type confusion vulnerability (CVE-2022-1364) that is being exploited in the wild.
Impact
A malicious website may be able to execute code on a host’s machine.
Affected Products
Any web browser that uses Chromium as its underlying browser platform is affected. This includes MS Edge, Google Chrome, Brave, etc.
Vulnerability Detection
You can see which version of Chrome you are running in the ‘About’ tab of the settings page:
- Navigate your browser to: chrome://settings/help
- The most recent version as of 2022-04-15 is 100.0.4896.127.
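To run the same check across many machines, the version comparison can be scripted. The following is an added example, not part of the original advisory: the host names and version strings in the sample inventory are constructed, and it assumes the input is Google Chrome version text (other Chromium-based browsers are not handled).

```python
import re

# Patched Chrome build stated in the advisory (most recent as of 2022-04-15).
PATCHED = (100, 0, 4896, 127)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version from text such as `--version` output."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no four-part version in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_patched(text, minimum=PATCHED):
    # Compare as integer tuples: a plain string comparison would rank
    # "100.0.4896.88" above "100.0.4896.127".
    return parse_version(text) >= minimum


def audit(inventory):
    """Return sorted hosts whose Chrome version is below PATCHED or unreadable."""
    flagged = []
    for host, reported in inventory.items():
        try:
            if not is_patched(reported):
                flagged.append(host)
        except ValueError:
            flagged.append(host)  # unknown version: needs manual review
    return sorted(flagged)


# Constructed sample inventory (host names and reported strings are made up).
SAMPLE = {
    "ws-01": "Google Chrome 100.0.4896.127",
    "ws-02": "Google Chrome 100.0.4896.88",
    "ws-03": "Google Chrome 99.0.4844.84",
    "ws-04": "Google Chrome 101.0.4951.41",
    "ws-05": "version unknown",
}

if __name__ == "__main__":
    for host in audit(SAMPLE):
        print(f"{host}: update required or version unreadable ({SAMPLE[host]})")
```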
Containment, Mitigations & Remediations
If you’re running an older version, Chrome should update itself automatically on the next launch. You can also update manually from the ‘About’ page; this requires a relaunch of the browser.
Other advice:
- Don’t use administrative accounts to browse the internet
- Avoid clicking on suspicious links or browsing untrustworthy websites
- Apply the Principle of Least Privilege to all systems and services.
Indicators of Compromise
There are currently no IOCs provided for this exploit despite it having been seen in the wild.
Threat Landscape
Due to its widespread use under a variety of different names/brands, Chrome is a popular target for bug bounty hunters and malicious actors alike.
Mitre Methodologies
T1189 – Drive-by Compromise