Google released version 99.0.4844.84 from Chrome, the world’s most used web browser, for Windows, Mac and Linux users. As explained by the company, it is critical to have it updated since it had a security flaw (“exploit”) that could be exploited by cybercriminals.
“Google is aware that an exploit exists for CVE-2022-1096,” the company had explained. a security advisory published on Friday.
Thus, the latest version is already rolling out around the world and Google says it could be a matter of weeks until it reaches the entire user base.
This update was immediately available when Clarín checked it out. Of course, it was activated when reviewing the version in the menu of Chrome > Help > About Google Chrome.
For security reasons, in the registry of all the changes that this new version of Chrome brings, it is not specified what type of security hole the engineers have found, basically so as not to give clues to other cybercriminals and they can take advantage of it during the next few days. The Navigator web will also automatically check for new updates and automatically install them after the next release.
It is likely that once the vast bulk of Chrome users have upgraded to the browser, Google will give more details about it. This security flaw is tagged CVE-2022-1096 and is described as a “V8 type confusion” vulnerability.
The “exploit” that they could take advantage of to hack
users. The bug they spotted had to do with a weakness issue in the Chrome V8 JavaScript engine reported by an ianonymous security researcher who warned the company.
Although Google said it detected attacks exploiting this zero-day on computers (“in the wild”, as the jargon goes), the company did not share technical details or additional information about these incidents.
“Access to bug details and links may be kept restricted until most users are updated with a fix,” Google said.
“We will also keep the restrictions if the bug exists in a third-party library that other projects similarly rely on, but have not yet been fixed,” they added.
Google Chrome users should have enough time to update Chrome and avoid exploit attempts until more information is released by the browser vendor.
It is not the first time that Google Chrome has had security problems. “Day Zero” was exploited by two separate threat groups backed by the North Korean government in campaigns that push malware through phishing emails, using bogus job lures and compromised websites hosting hidden iframes to serve an exploit kit.
“The emails contained links that spoofed legitimate job search websites such as Indeed and ZipRecruiter,” the researchers explained.
“In other cases, we observed fake websites, already set up to distribute trojanized cryptocurrency apps, hosting iframes and direct your visitors to the exploit kit“, they added.
The truth is that these cases serve to be careful to check our browser and what version are we running?