Google released a third security update this year to patch a major vulnerability in the Chrome browser. The company announced on April 13 that “Google is aware that an exploit for CVE-2022-1364 exists in the wild” and released a stable security update on April 15.
Attackers have been exploiting the flaw labeled as CVE-2022-1364 and Google is yet to establish the full repercussions of this security breach. The company urges all Chrome and Chromium users to update their browser as soon as possible.
What Is CVE-2022-1364 and How Serious Is It?
CVE-2022-1364 is a type confusion vulnerability inside Chrome V8, which is the JavaScript engine for all Chromium-based web browsers. The flaw causes the program to assign a variable or an object using a certain type and then access it using a different type that is incompatible. This can result in logical errors, out-of-bounds memory access, and browser crashes.
What does that mean?
It means Chrome, Microsoft Edge, Vivaldi, Opera, Brave and other browsers that run on the Chromium codebase are vulnerable. Attackers can exploit the type vulnerability to view or change data.
Security patches have been rolling out for Chrome, Microsoft Edge, and other affected browsers and developers are expecting users to update within the next few weeks. Cyberattacks are likely to ramp up until all the browsers have been updated.
Not the First Time
Google isn’t dealing with the first zero-day exploit of 2022
On February 10, Google discovered a remote code execution vulnerability that was exploited as early as January 5. What’s even worse is that the company uncovered successful attacks coming from state-sponsored North Korean hacker groups.
The attackers used the flaw dubbed as CVE-2022-0609 to target the media, IT, cryptocurrency, and fintech sectors through suspected malware uploads. They were able to spy on computers through compromised browsers and steal sensitive data. Google patched the vulnerability on Valentine’s Day and observed the attackers making further unsuccessful attempts the days after.
But Chrome’s issues didn’t stop there.
In March, Google discovered the first Chrome V8 type confusion vulnerability of this year and labeled it CVE-2022-1096. The company didn’t offer much information about the flaw and how it was being exploited other than the fact it was high on the severity scale. Since it affected the JavaScript engine for all Chromium-based browsers, Google, Microsoft, and other developers rushed to fix it.
Judging by the pattern of cybersecurity attacks, including the Lapsus$ hacks earlier this year, we are likely to see more vulnerabilities exposed by security breaches in the near future.
Update Your Browser
To patch Chrome against this flaw you need version 100.0.4896.127 or later. This update is available for Windows, Mac, Linux, Android, and iOS and is installed automatically.
Brave and Microsoft Edge users can also rejoice as of April 15 since they patched CVE-2022-1364. Both browsers update automatically and you should already have the latest version installed. Check your Microsoft Edge version to make sure it’s 100.0.1185.44. As for Brave, the latest build that fixes the type vulnerability is 1.37.116.
If you need to update any of the other Chromium browsers, check the version to see if it’s based on Chromium build 100.0.4896.127 and you’re good to go.
Protect Yourself from Security Breaches and Exploits
No software is safe from vulnerabilities and attacks, including Google Chrome. As the cybersecurity war continues, you need to take a few extra steps to protect your privacy and data. One of those steps is CyberGhost VPN.
Our VPN encrypts your data with the latest security methods to prevent hackers from gaining access to it. CyberGhost VPN also helps protect your privacy on the web by hiding your IP address so cybercriminals can’t find your real location and identity.
Leave a comment