Google and Microsoft Patch Critical Zero-Day Vulnerabilities
Over the past couple of days, Google and Microsoft have issued emergency updates for all Chrome and Edge browser users as they confirm that malicious attackers are already exploiting a critical zero-day vulnerability.
Google Zero-Day Vulnerability
Google’s latest zero-day vulnerability, tracked as CVE-2022-1096, was confirmed by the company on March 25th.
Very little information about the vulnerability is publicly known at this stage, other than that the zero-day is a “Type Confusion” flaw in the V8 JavaScript engine used by Chrome.
Google’s withholding of information on the vulnerability in this case is not unusual. It is a tactic used to protect users until the vulnerability can be remediated, as malicious attackers who have found the flaw are actively exploiting the vulnerability.
Google has stated that “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
Since the announcement of the zero-day, Google has updated Chrome to version 99.0.4844.84 and will be rolling it out to users in the coming days.
The update will address only a single security vulnerability, emphasising the severity of the impact it may have.
Microsoft Zero-Day Vulnerability
On March 26th, Microsoft released a separate notice announcing that the vulnerability affecting Chrome also affects Microsoft Edge, because Edge is a Chromium-based browser.
Edge has also been updated to protect users against the zero-day exploit.
Installing Patches
Google Chrome
To check that your Google Chrome browser has been updated to version 99.0.4844.84, navigate to Chrome Menu > Help > About Google Chrome.
Microsoft Edge
To check that your Microsoft Edge browser has been updated to version 99.0.1150.55, navigate to settings/about. If the version is 99.0.1150.55 or higher, it is no longer vulnerable to the zero-day issue.
Chromium powers a large number of browsers including Opera, Vivaldi, Brave and Colibri. It is expected that updates will be pushed out over the coming days.
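For checking many machines rather than one, the same version test can be scripted. The following is an added example, not code from Google, Microsoft or Secora Consulting: it compares reported version strings against the fixed versions named above, and it assumes that Chrome versions higher than 99.0.4844.84 also contain the fix. The host names and inventory lines are constructed sample data.

```python
import re

# Fixed versions as stated in this article.
FIXED = {
    "Google Chrome": (99, 0, 4844, 84),
    "Microsoft Edge": (99, 0, 1150, 55),
}

# Matches "<product name> <a.b.c.d>", optionally followed by more text.
VERSION_RE = re.compile(r"^(?P<product>.+?)\s+(?P<ver>\d+(?:\.\d+){3})(?:\s|$)")

def parse_version_line(line):
    """Return (product, version tuple), or None if the line is not parseable."""
    m = VERSION_RE.match(line.strip())
    if not m:
        return None
    return m.group("product"), tuple(int(p) for p in m.group("ver").split("."))

def status(line):
    """Classify one version string as 'patched', 'vulnerable' or 'unknown'."""
    parsed = parse_version_line(line)
    if parsed is None:
        return "unknown"
    product, version = parsed
    fixed = FIXED.get(product)
    if fixed is None:
        return "unknown"  # other Chromium-based browser: no fixed version given here
    # Tuples compare numerically per component. Comparing the raw strings
    # would rank "99.0.4844.9" above "99.0.4844.84" and "100..." below "99...".
    return "patched" if version >= fixed else "vulnerable"

# Constructed sample inventory (host -> reported version string).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 99.0.4844.84",
    "ws-02": "Google Chrome 99.0.4844.9",
    "ws-03": "Google Chrome 100.0.4896.60",
    "ws-04": "Microsoft Edge 99.0.1150.46",
    "ws-05": "Microsoft Edge 99.0.1150.55",
    "ws-06": "Brave Browser 99.1.36.122",
    "ws-07": "not installed",
}

def audit(inventory):
    """Map each host to its patch status."""
    return {host: status(line) for host, line in inventory.items()}

if __name__ == "__main__":
    for host, result in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {result}")
```

Hosts reported as "unknown" need a manual check, since this article gives no fixed version for the other Chromium-based browsers.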
How can we help?
Secora Consulting offers a wide range of services that we tailor to meet our clients’ requirements.
Our Vulnerability Assessment service can provide you with a prioritised list of your vulnerabilities and easy-to-follow remediation advice to immediately improve your cyber security posture.
Partner with us today. Our experienced consultants will go the extra mile to ensure your organisation stays secure by:
- Validating implemented security controls
- Prioritising your risks based on their exploitability and impact
- Providing expert and effective advice to immediately improve your cybersecurity posture
- Understanding how uncovered issues will affect your organisation, operations availability and profitability
Our services
All of Secora Consulting's assessments are tailored to our clients' needs.
Using our experience, we can help you determine which services are right for you.