- A high-risk zero-day vulnerability exists that might be exploited by various hackers looking to gain access to your operating system. As a result, you may be subject to hacking assaults if you do not update your browser.
- The high-severity issue, which has been awarded the dreaded zero-day rating, exploits a Chrome flaw, with Google revealing that corrupt individuals have already used the flaw to launch attacks.
- This makes it even more critical for the millions of Google Chrome users out there to take immediate steps to secure their browsers and devices.
Google has released workarounds for two vulnerabilities in its Chrome browser, one of which is currently being used in the open.
The company’s emergency updates affect the almost 3 billion users of its Chrome browser, as well as those who use other Chromium-based browsers like Microsoft Edge, Brave, and Vivaldi.
Microsoft has acknowledged that Microsoft Edge has a problem and has provided a new patch. This latest patch includes security upgrades that should keep your machine safe. Further exploitation would be impossible, which is why Microsoft advises users to update their systems.
One should not be concerned about the CVE-2022-1096 vulnerability if you have Microsoft Edge version 99.0.1150.55 or higher. If you’re using an older version, you should consider updating to keep current and safeguard your machine from hackers.
It’s the third time Google has had to provide an emergency update for Chrome this year.
users will be using Chrome version 100.0.4896.127 after the update. If the Google browser hasn’t updated automatically, they will teach you how to do it manually.
Google worked quickly after being notified about the flaw previously this week, releasing a remedy within a day. This is most likely owing to the zero-day rating, which indicates that the exploit has already been deployed in the wild.
Google Chrome version 100.0.4896.127 contains the essential update, which will be available to all users in the following days and weeks.
One of the issues is a type confusion vulnerability, which has been assigned the number CVE-2022-1364 and is an elevated, zero-day bug that is now being exploited by attackers.
A type confusion problem occurs when a program allocates a resource such as a reference or object with one type but then accesses the resource with a different, incompatible type. The vulnerability can result in out-of-bounds memory access in various languages, such as C and C++.
This incompatibility can result in a browser crash or logical issues. If abused, however, it might allow a hacker to run arbitrary code.
“We would also like to thank all security researchers who worked with us during the development cycle to prevent security flaws from ever reaching the stable channel,” the Mountain View business said.
@ShaneHuntley tweeted about “Another Chrome 0day (CVE-2022-1364) in the wild” discovered by @ clem1, praising @googlechrome’s “very impressive and speedy actions.”
Officials from Google did not provide much specifics on the problem, stating that information and links to the fault will be restricted until the majority of users have received the fix, which will upgrade Chrome to version 100.0.4896.127 on Windows, Linux, and Mac platforms. They also stated that “if the flaw exists in a third-party library that other programs likewise rely on but haven’t been repaired,” they will “retain restrictions.”
The problem is also prevalent in mobile browser implementations. The same patch, with the same version number, is available for Chrome users on Android. It also has the same Google warning: an exploit is out there. Users of Chrome on iOS appear to be unaffected at this time.
Because of the urgency of these updates, which came just days after the most recent security update, every Chrome user should update as soon as possible.
If you don’t keep up with the required upgrades and procedures, the internet can turn out to be a scary place. Secure your systems and remain safe!