Of the 28 vulnerabilities that the latest update addresses, most (20) were discovered by independent researchers, and the remaining eight by Google’s internal experts. Summing up the available information, it is reasonable to assume that an exploit for the vulnerability not only exists, but is actively being used by attackers. The next day, Microsoft fixed the same vulnerability in its Chromium-based Edge browser. What’s more, according to the patch release notes, Google was aware that an exploit for this vulnerability already existed on March 25. The vulnerability is pretty dangerous, judging by the fact that Google addressed this bug separately with an emergency patch. But it is already clear that it is the CVE-2022-1096 vulnerability (the one that Google closed with a separate patch on Friday, March 25, just four days before the major update) that may cause real problems.ĬVE-2022-1096 belongs to the Type Confusion class, that means it is connected to some error in data types handling in the V8 engine. So far Google has not published details about any of the vulnerabilities - as per the company’s security policy, access to a detailed description of the bugs remains restricted until the majority of active users update their browser.
In other words, if you have not rebooted your computer for quite some time or did not restart your browser recently, then it’s time to update. So in total, the Chrome developers have released patches for 10 high severity vulnerabilities in less than a week.
At least 9 of them have a high severity rating - adding to CVE-2022-1096, another high severity vulnerability which Google patched with a separate update just a few days ago. Google has fixed 28 vulnerabilities by releasing update 1.60 for its Chrome browser. That said, you should update your Chrome browser now – be it on Windows, Mac or Linux – to version 1.75. As per usual, Google hasn’t disclosed further details yet. This vulnerability is also related to Type Confusion in Chrome’s V8 engine. Updated on April 6: One more high-severity vulnerability (CVE-2022-1232) was found in Chrome by one of Google’s own internal researchers on March 30 it was fixed several days later.
0 kommentar(er)
