Google has released an urgent update to fix 2 vulnerabilities in the Chromium browser

In the latest urgent update, Google fixed 2 vulnerabilities in the Chrome browser, 1 of which has been proven to have been exploited by hackers. The urgent update released this week applies not only to Chrome, which has 3 billion active users, but also to Chromium-based browsers such as Edge, Brave, and Vivaldi.


One of the vulnerabilities, tracked as CVE-2022-1364, is a high-severity zero-day type confusion vulnerability that is being actively abused by attackers. Google noted in its alert that the vulnerability is a type confusion in V8, the JavaScript engine used in Chromium.

In a type confusion vulnerability, a program allocates a resource, such as a pointer or object, using one type, but then accesses that resource using another, incompatible type. In some languages, such as C and C++, the vulnerability could cause out-of-bounds memory access.

This incompatibility can cause the browser to crash or throw a logic error. It also has the potential to be exploited to execute arbitrary code.
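The mechanism described above, shown as an added C example that is not from the original article, Chromium or V8, and does not reproduce CVE-2022-1364. All type and function names are constructed for illustration; the code contrasts an unchecked reinterpretation with an accessor that validates the object's tag before use.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed types: every object starts with a tag recording its real type. */
enum kind { KIND_SMALL_INT, KIND_ARRAY };
struct header    { enum kind kind; };
struct small_int { struct header h; int32_t value; };
struct array     { struct header h; size_t length; int32_t items[8]; };

/* Confused access: believes the caller and reinterprets the object. If obj is
   really a small_int, length and items[] lie outside the object's memory. */
struct array *as_array_unchecked(struct header *obj) { return (struct array *)obj; }

/* Checked access: the tag decides, not the caller. */
struct array *as_array_checked(struct header *obj) {
    return (obj != NULL && obj->kind == KIND_ARRAY) ? (struct array *)obj : NULL;
}

/* Bytes beyond a small_int that the unchecked cast would treat as valid. */
size_t confused_overread_bytes(void) {
    return sizeof(struct array) - sizeof(struct small_int);
}

/* Returns 0 and stores the element, or -1 on wrong type or bad index. */
int array_get(struct header *obj, size_t idx, int32_t *out) {
    struct array *a = as_array_checked(obj);
    size_t cap = sizeof a->items / sizeof a->items[0];
    if (a == NULL || idx >= a->length || idx >= cap) return -1;
    *out = a->items[idx];
    return 0;
}

/* A small_int handed to array code is rejected by the tag check. */
int demo_confused_access(void) {
    struct small_int s = { { KIND_SMALL_INT }, 7 };
    int32_t out = 0;
    return array_get(&s.h, 0, &out);
}

/* A genuine array is read normally: returns items[1]. */
int32_t demo_valid_access(void) {
    struct array a = { { KIND_ARRAY }, 2, { 10, 20 } };
    int32_t out = 0;
    return array_get(&a.h, 1, &out) == 0 ? out : -1;
}

int main(void) {
    printf("confused=%d valid=%d overread=%zu bytes\n", demo_confused_access(),
           (int)demo_valid_access(), confused_overread_bytes());
    return 0;
}
```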

According to the Internet Security Center, “Depending on the permissions associated with the application, an attacker can view, alter, or delete data. If the application is configured to have fewer user rights on the system, the worst impact of exploiting this vulnerability could be less than if it were configured for administrative privileges.”

Clement Lecigne, who is affiliated with Google’s Threat Analysis Group (TAG), reported the vulnerability on April 13, the same day the company announced a fix. Google wrote in the alert: “Google knows that the vulnerability of CVE-2022-1364 has been exploited by hackers.”

Google officials did not release many details about the vulnerability, saying that information and links about it would remain restricted until most users had updated with the fix, which brings Chrome to version 100.0.4896.127 on Windows, Linux and Mac platforms. They also said, “If the error exists in a third-party library that other projects also rely on, but has not been fixed, they will retain the limit.”
