JAVASCRIPT AT THE HEART OF THE CHROMIUM FAULT

As often, Google avoids communicating too much information about the deep nature of this flaw, so as not to put more hackers on its trail. But the company explains all the same that it concerns “a type confusion in V8”, which is none other than the JavaScript engine used by Edge and Chrome. Google will say more when the majority of users have made an update protecting them from an exploitation of this vulnerability.

UPDATES ARE ALREADY AVAILABLE

This security flaw can potentially affect more than 3 billion people, considering the popularity of Chromium-based browsers. Google and Microsoft have already released patches that close the vulnerability in Chrome and Edge. Other browsers, such as Vivaldi and Brave, should soon follow suit.

To update Chrome, all you have to do is open the browser, go to settings and then to “Security and privacy”. Then perform a “Security Check” to make sure you have the latest version. If not, update immediately.

Security flaw: users must immediately update Google Chrome

With the evolution of technology, there are more and more cyber hackers and even tech giants are having their systems hacked. Lately, Google has become very vigilant as it has already been the victim of cyberattacks. That’s why, as soon as the company noticed a huge security flaw in the Chrome browser, it immediately asked users to update.

It turns out that this flaw would allow hackers to infect the PC in case of exploitation and this is what makes users vulnerable. Google is therefore doing everything possible to protect users and prevent criminals from jumping on this opportunity to attack other victims.

An immediate update is needed

Users of Chrome browser version 99.0.4844.84 are most at risk. Thus, approximately 3.2 billion users are affected. To avoid any risk, the firm strongly recommends downloading the update it has just put online. This will protect you from all kinds of attacks. The flaw is dubbed CVE-2022-1096 and is currently in the wild according to Google. Moreover, it is for this reason that the latter insists on installing the patch as soon as possible.

This flaw is still a mystery but according to the firm it is a “type confusion in V8”. To be more precise, it is a JavaScript engine used by Chrome and Edge. Thus, it allows hackers to crash the browser and execute arbitrary code, which could lead to malware and ransomware infections.

The flaw also affects other browsers

Apparently, Google is not the only victim of this security flaw as Microsoft Edge has also been affected. Even if the latter was deployed natively on PCs running Windows, it is still based on Chromium, which means that it has the same flaw as Chrome.

Thus, the Redmond company also recommends users of this browser to quickly install the Edge 99.0.1150.55 update. It is highly likely that Brave and Vivaldi will also deploy patches since they are both based on the Chromium kernel. So, urgently go to your settings to update your browser.

0-day flaw: Google Chrome updated against an already exploited vulnerability

In an update note for its Chrome internet browser, Google insists on the presence of a security patch aimed at plugging the CVE-2022-1096 flaw, whose threat level is considered high.

For the second time in 2022, this is a so-called 0-day flaw, unknown before being anonymously communicated to Google teams on March 23. However, the security engineers who have worked on this vulnerability are certain: it has already been exploited by hackers, without knowing exactly on what scale.

An urgent update

So it is urgent for Chrome users to update their browser as the latest version to install is numbered 99.0.4844.84. It is available through the stable release channel for Windows, Mac, and Linux, with automatic deployment in progress.

Difficult for the moment to know more. Google wants to keep this flaw as discreet as possible until users of its browser have been able to update it. “Access to details and links for this bug may be restricted until a majority of users have installed the fix. We will also maintain restrictions if the bug exists in a third-party library that other projects similarly depend on, but which have not yet been fixed,” the company said, although hackers are exchanging information about this problem a priori. flaw on the darknet.

Microsoft Edge also affected

Caution is advised: Chrome is used by 3 billion people worldwide. And as several experts point out, the source code of Chrome (Chromium) is used by other software that could potentially be affected. This is particularly the case of Microsoft’s Internet browser, Edge, delivered with Windows. This is why Microsoft also offers an Edge update that all users are encouraged to install.

Updates to the mobile versions of these web browsers are also being finalized and should be available on the App Store and Play Store in the coming days.

How to update Google Chrome?

Whether you are on Windows, macOS or Linux, the Google Chrome internet browser updates when the application is launched. To make sure you have the latest version of the software, just close it and restart it. You can then verify that you are indeed using a “patched” version of Chrome. Its serial number must be at least 99.0.4844.84. To do this, go to the Chrome menu (macOS) and click on About Google Chrome. On Windows, click the three little dots to the right of the browser window, then click Settings > About Google Chrome.

Urgently update your Chrome and Edge browsers to address a major security flaw

Although security updates are commonplace for browsers, the urgency of the CVE-2022-1096 flaw revealed by Google urges Internet users to update Chrome to version 99.0.4844.84 as soon as possible.

A vulnerability already exploited

Loosely titled “Type confusion in V8” and classified as a high threat, this vulnerability calls into question the integrity of the JavaScript engine integrated into Chromium. Google says the flaw has already been used by hackers.

Preferring to limit the damage and give users time to update their browsers, the company has not yet communicated in detail as to how the flaw is exploited and the real dangers it entails.

Chromium browsers exposed, Chrome and Edge already patched

Google actually owes the discovery of this critical flaw to an anonymous user on March 23. It took two days for the Redmond company to deploy a patched version of Chrome on Windows, Mac and Linux. Insofar as this vulnerability affects Chromium, Internet users using other browsers such as Opera, Vivaldi or Brave are exposed. So far, only Microsoft has confirmed that they have rolled the fix into their Edge browser with the 99.0.1150.55 update.

Whether it’s Chrome or Edge, the security update should in theory have taken place automatically. However, it is strongly advised to check and force its deployment from the Browser settings > Aid > In regards to.

Google Chrome, Microsoft Edge: an update to install urgently on your computer against the risk of hacking

Already for the second time this year, Google is releasing an emergency security patch to close a breach in its Google Chrome Internet browser. This is a so-called zero-day flaw, a bug that has never been fixed for the time being and which is likely to be actively exploited by hackers who have knowledge of it, in other terms, the most critical vulnerability that can strike a computer system.

The alert was launched on Friday March 25 by Google to the more than 3.2 billion people using its browser around the world on Windows, Mac or Linux. Chrome’s market share is estimated at 56% in France, where the threat is obviously just as important. Microsoft has also confirmed that its browser Microsoft Edge is also impacted because its architecture uses common bricks with that of its competitor.

The flaw, dubbed CVE-2022-1096, is precisely a type confusion in V8, the JavaScript engine used by the two browsers that share the Chromium kernel. Few details have been leaked on how it works to limit the risk of it being exploited before a critical mass of users have had time to install the update.

Categorized in: