Contents:
Following the identification of a V8 vulnerability in Chrome and Edge that shows an exploit in the wild, users who employ Windows, macOS, and Linux should update Chrome builds to version 99.0.4844.84 as an out-of-band security update has been recently released by Google to address this issue, ZDNet mentions.
About the V8 Vulnerability
There is not much information regarding this newly identified vulnerability, as Google said that it waits first for the majority of users to update their browser as a measure to prevent further exploitation.
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.
What is known is that the bug under discussion has been assigned CVE-2022-1096, being described as a zero-day “type confusion in V8” and it was reported on 23.03.2022 by a researcher with an “anonymous” identity.
What Is V8?
V8 represents basically a free and open-source JavaScript engine. It was designed by the Chromium Project for Google Chrome and Chromium web browsers. The one who created the project is named Lars Bak. What’s interesting to know here is that the release of its first version in 2008 happened simultaneously with the release of Chrome’s first version.
Microsoft Releases Notice on This Topic
Since V8 vulnerability has had an impact on Edge too, Microsoft Office released its notice on this topic mentioning that the problem was fixed in Edge version 99.0.1150.55.
Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
Google Patched Other Vulnerability in February
According to thehackernews.com, another vulnerability was identified in Chrome at the beginning of this year dubbed CVE-2022-0609 which stood for a use-after-free bug located in the Animation component. This received patches from Google on the 14th of February 2022.
How Can Heimdal™ Help?
The rollout of patches in your system should be performed in a timely manner from the release in order to benefit from the fastest protection. You can achieve this with an automated Patch & Asset Management tool like ours, that features the shortest vendor-to-end-user waiting time, as in less than 4 hours from the release you have your patch in the Heimdal cloud already tested, repackaged, and ready to be deployed.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.