Just last week the tech giant said North Korean hackers had exploited CVE-2022-0609 – which was patched in a February release – during two separate hacking campaigns. This is the second 0-day in Chrome that Google has announced this year. The initial vector was a Discord channel.” Additional intelligence was found during the attack analysis on, where we identified a phishing scam against a honey client that is used to identify client-side attacks on users within the crypto space. “CTCI identified exploitation of this vulnerability on but could not match it to any known CVEs. “This leads to logical errors in the application’s memory, allowing an attacker to run unrestricted malicious codes inside an application.
Michael Freeman, CTO of Cyber Threat Cognitive Intel (CTCI), said the vulnerability is a “type confusion” in the V8 JavaScript engine exploit, explaining that V8 is Chrome’s component that handles processing JavaScript code.Ī type confusion refers to coding bugs during which an app initializes data execution operations using the input of a specific “type” but is tricked into processing the incorrect input as a different “type,” he said. The vulnerability was only reported on the 23rd of March, and while Google’s Chrome team tends to be fairly prompt in developing, testing, and rolling patches, the idea of a patch for software deployed as widely as Chrome in 48 hours is something I continue to be impressed by.” “The second thing is the speed of the patch being rolled out. “This is pretty unusual for Google – they usually fix multiple issues in these types of releases – which suggests that they are quite concerned and very motivated to see fixes against CVE-2022-1096 applied across their user-base ASAP,” Ellis said. The vulnerability was submitted anonymously, according to Google.īugcrowd CTO Casey Ellis said the first thing that stood out about the update is that it only fixes a single issue. Little information is available about the issue but experts said it is tied to V8, Google’s open source JavaScript engine. Microsoft also released a warning about the issue and patched it for Edge users.
Google patched the bug for Windows, Mac, and Linux operating systems users in Chrome.
Google gave CVE-2022-1096 a high severity rating and said an exploit for the vulnerability exists in the wild. Google has released an urgent update for a 0-day vulnerability found on March 23 affecting Chrome. Google releases emergency security update for Chrome users after second 0-day of 2022 discovered
0 kommentar(er)
