VTA-00411 – Urgent Google Chrome Update to Patch Type Confusion Vulnerability (CVE-2022-1096)
Google has issued update to Chrome 99.0.4844.84 for Windows, Mac, and Linux, to address a high severity vulnerability in its Chrome browser that is being actively exploited in the wild, which has been tracked as CVE-2022-1096. The zero-day flaw relates to a type confusion vulnerability in the V8 JavaScript engine. Type confusion errors which arise when a resource (e.g. a variable or an object) is accessed using a type that is incompatible to what was originally initialized to enable a malicious actor to perform out-of-bound memory access. Therefore, when a memory buffer is accessed using the wrong type, it could read or write memory out of the bounds of the buffer. If the allocated buffer is smaller than the type that the code is attempting to access, it will lead to a crash and possibly code execution.
Severity:
High
Attack Surfaces:
Web Browser
Tactics:
Execution, Privilege Escalation
Techniques:
Out-of-Bounds Memory Access, Arbitrary Code Execution
Active Defense Tactics:
Detect, Disrupt
Active Defense Techniques:
Security Controls, Software Manipulation
SuperPRO’s Threat Countermeasures Procedures:
1. Update Google Chrome to version 99.0.4844.84
2. Enable auto-updates to ensure software/program is always up to date.
Contributed by: Jyao
Leave a Reply