
Google patches second Chrome browser zero-day of 2022

Google acted quickly to secure against the type confusion vulnerability that was under active exploitation

Google has now patched the second actively exploited zero-day vulnerability in its Chrome browser this year.

Google left most of the details about the security vulnerability unpublished, but the company confirmed it was a type confusion flaw, tracked as CVE-2022-1096, found in the V8 JavaScript engine.

Type confusion occurs when code is fed an object and uses it without verifying its type. In some cases, code execution can be achieved when wrong function pointers or data are fed into certain parts of a codebase.
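As an added illustration of the bug class described above (a simplified, constructed C example, not V8 code and not a reproduction of CVE-2022-1096), the snippet below shows a tagged object whose payload is used as a function pointer without a type check, next to a version that checks the tag first. All names in it are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed example: a tagged object whose payload is either data or code. */
typedef enum { KIND_NUMBER, KIND_HANDLER } kind_t;

typedef struct {
    kind_t kind;                 /* type tag that callers are meant to check */
    union {
        uintptr_t number;        /* plain, possibly untrusted, data */
        int (*handler)(int);     /* function pointer */
    } u;
} object_t;

static int double_it(int x) { return 2 * x; }

/* Flawed pattern: treats every object as a handler and never reads the tag.
 * It returns the address it would jump to rather than calling it. */
uintptr_t unchecked_call_target(const object_t *o) {
    return (uintptr_t)o->u.handler;
}

/* Hardened pattern: verify the tag before treating the payload as code. */
int checked_invoke(const object_t *o, int arg, int *out) {
    if (o == NULL || out == NULL) return -1;
    if (o->kind != KIND_HANDLER || o->u.handler == NULL) return -1;
    *out = o->u.handler(arg);
    return 0;
}

object_t make_number(uintptr_t n) {
    object_t o = { .kind = KIND_NUMBER, .u.number = n };
    return o;
}

object_t make_handler(void) {
    object_t o = { .kind = KIND_HANDLER, .u.handler = double_it };
    return o;
}

int main(void) {
    object_t n = make_number(0x41414141u), h = make_handler();
    int out = 0;
    /* The number's bits come back as the "function pointer" to be called. */
    printf("unchecked target: %#lx\n", (unsigned long)unchecked_call_target(&n));
    printf("checked, number object: %d\n", checked_invoke(&n, 21, &out));
    int rc = checked_invoke(&h, 21, &out);
    printf("checked, handler object: %d (out=%d)\n", rc, out);
    return 0;
}
```
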

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” said Google Chrome in a blog post. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

The Google Chrome Stable Channel has been updated to version 99.0.4844.84 across Windows, Mac, and Linux, and users should start to see their browsers update “over the coming days/weeks,” Google said.

The vulnerability was reported on 23 March, prompting a swift response from Google Chrome, which released a patch two days later on 25 March.

Because its Edge browser is based on the Chromium engine, Microsoft released a separate notice informing Edge users that the browser was also vulnerable to the zero-day exploit. Microsoft rolled out a patch on 26 March for its browser.


The latest patch fixes the second zero-day vulnerability found in the Chrome browser in nearly as many months. Google released a wave of patches earlier in February addressing seven high-severity security issues, among which was the first zero-day of the year.

Tracked as CVE-2022-0609 and carrying a CVSSv3 score of 9.8/10, the initial zero-day was also under active exploitation at the time of discovery and was a use-after-free (UAF) flaw in animation. Such vulnerabilities can typically lead to code execution on victim machines.
