Google releases patch for high-severity Chrome vulnerability
Google LLC said Thursday that it’s releasing a security patch to fix a high-severity vulnerability in its Chrome browser.
The vulnerability is known as CVE-2022-1364. Google is “aware that an exploit for CVE-2022-1364 exists in the wild,” the company stated.
Google’s patch for the vulnerability is set to roll out in the coming days and weeks. In Thursday’s announcement of the patch, the search giant shared few technical details about the vulnerability, noting that “access to bug details and links may be kept restricted until a majority of users are updated with a fix.” Chrome has about 3 billion users worldwide.
V8 is included in not only Chrome but also Chromium, an open-source project that contains much of the code for Google’s popular browser. That’s significant because Chromium is the basis of several other browsers including Microsoft Edge. Google didn’t specify in its Thursday announcement of the vulnerability whether Microsoft Edge may be affected as well.
The search giant described the vulnerability as a type confusion flaw. In an application such as a browser, there are many components that ingest data and then use it to carry out computations. Often an application component can’t ingest any type of data, but rather focuses on processing one specific type of input. Type confusion vulnerabilities such as the flaw Google patched in Chrome this week emerge when an application component receives input that it was not designed to process.
A type configuration vulnerability in an application can potentially enable hackers to launch cyberattacks. The severity of the newly detailed Chrome vulnerability is rated “High,” the second-highest severity grade that a vulnerability can receive after “Critical.”
CVE-2022-1364 is the second type of confusion flaw affecting Chrome’s V8 engine that Google has patched in the past month. Google detailed the previous vulnerability on March 25. That vulnerability also affected Chromium, the open-source project on which Microsoft Edge is based, which led Microsoft Corp. to release a patch for its browser.
A message from John Furrier, co-founder of SiliconANGLE:
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.