Google has released an urgent update for a 0-day vulnerability found on March 23 affecting Chrome. Google gave CVE-2022-1096 a high severity rating and said an exploit for the vulnerability exists in the wild.

Google patched the bug for Windows, Mac, and Linux operating systems users in Chrome. Microsoft also released a warning about the issue and patched it for Edge users.

Little information is available about the issue but experts said it is tied to V8, Google’s open source JavaScript engine. The vulnerability was submitted anonymously, according to Google.

Bugcrowd CTO Casey Ellis said the first thing that stood out about the update is that it only fixes a single issue.

“This is pretty unusual for Google – they usually fix multiple issues in these types of releases – which suggests that they are quite concerned and very motivated to see fixes against CVE-2022-1096 applied across their user-base ASAP,” Ellis said.

“The second thing is the speed of the patch being rolled out. The vulnerability was only reported on the 23rd of March, and while Google’s Chrome team tends to be fairly prompt in developing, testing, and rolling patches, the idea of a patch for software deployed as widely as Chrome in 48 hours is something I continue to be impressed by.”

Michael Freeman, CTO of Cyber Threat Cognitive Intel (CTCI), said the vulnerability is a “type confusion” in the V8 JavaScript engine exploit, explaining that V8 is Chrome’s component that handles processing JavaScript code.

A type confusion refers to coding bugs during which an app initializes data execution operations using the input of a specific “type” but is tricked into processing the incorrect input as a different “type,” he said.