A type confusion flaw in the V8 JavaScript engine has been assigned the CVE-2022-1096 designation. Reports of the bug were first made on March 23, 2022, by an unidentified researcher.
Type confusion errors, which occur when a resource (e.g., a variable or an object) is accessed using a type that is incompatible with what was originally initialised, could have serious consequences in languages that are not memory-safe like C and C++, allowing a malicious actor to perform out-of-bounds memory access.
Using the wrong type of memory buffer access can result in reading or writing memory outside of the buffer’s bounds if the allocated buffer is smaller than the type to which the code is trying to gain access, according to MITRE’s Common Weakness Enumeration (CWE).
Also read: Game Pass might launch next week on PlayStation
It acknowledged that an exploit for CVE-2022-1096 “exists in the wild,” but did not provide any additional details in order to prevent any further exploitation and until the majority of users have been updated with a fix.
Chrome’s CVE-2022-1096, a use-after-free flaw in the animation component, was patched on February 14th of this year, making it the second zero-day vulnerability Google has addressed in Chrome this year.
TAG recently revealed the details of a North Korean nation-state campaign that used the flaw to attack U.S. businesses in the media, IT, cryptocurrency, and fintech industries, all of which are located in the United States.
Google Chrome users are strongly advised to upgrade to the latest version of 99.0.4844.84 for Windows, Mac, and Linux to protect themselves from any possible threats. As soon as the fixes become available, users of Chromium-based browsers like Opera, Microsoft Edge, and Vivaldi should also apply them.
Also read: Apple is rumored to introduce a subscription service for the iPhone