HomeUpdateWhat did Google launch for the Patch Actively Exploited Zero-Day Vulnerability ?

What did Google launch for the Patch Actively Exploited Zero-Day Vulnerability ?

-

Last Updated on 27/03/2022 by Nidhi Khandelwal

Google released an out-of-band security update on Friday to fix a high-severity vulnerability in its Chrome browser that is being actively exploited in the wild, according to the company.

What did Google launch for the Patch Actively Exploited Zero-Day Vulnerability ? 1

The zero-day weakness, identified as CVE-2022-1096, is a type misunderstanding vulnerability in the V8 JavaScript engine. On March 23, 2022, an anonymous researcher was credited with disclosing the problem.

In languages that are not memory safe, such as C and C++, type confusion errors, which occur when a resource (e.g., a variable or an object) is accessed using a type that is incompatible with what was originally initialized, could have serious consequences, allowing a malicious actor to perform out-of-bounds memory access.

“If the allocated buffer is smaller than the type that the function is attempting to access, it could read or write memory out of the bounds of the buffer, leading to a crash and possibly code execution,” MITER’s Common Weakness Enumeration (CWE) states.

The company stated that it is “aware that an exploit for CVE-2022-1096 exists in the wild,” but declined to provide any details in order to avoid further exploitation and until the majority of customers have been updated with a remedy.

What did Google launch for the Patch Actively Exploited Zero-Day Vulnerability ? 2

CVE-2022-1096 is Google’s second zero-day vulnerability in Chrome since the beginning of the year; the first was CVE-2022-0609, a use-after-free flaw in the Animation component that was patched in February.

Google’s Threat Analysis Group (TAG) revealed details of a parallel effort orchestrated by North Korean nation-state organizations to target U.S.-based firms in the news media, IT, cryptocurrency, and finance industries earlier this week.

Nidhi Khandelwal
Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.
- Advertisment -

Must Read

edge-ai

Challenges and Opportunities in Deploying AI Solutions in Edge Computing Environments

0
Edge AI is a ground-breaking new paradigm that has the potential to completely change how companies run. Organizations can seize new chances for creativity,...