Google’s Emergency Update For Chrome

Google has issued an emergency security update pertaining to all Chrome users after it received confirmation that attackers were exploiting a high-severity zero-day vulnerability in the platform. The emergency update is highly unusual as it addresses just one security flaw, validating its urgency. 

Google published a Chrome stable channel update announcement on March 25, confirming reports that an exploit for the vulnerability exists in the wild.All Chrome users are therefore advised to ensure that their browsers are updates as soon as possible. Not much else is known about the vulnerability, tracked as CVE-2022-1096, other than that it is referred to as a Type Confusion in V8. 

Google isn’t saying much more than that there have already been attacks using this zero-day vulnerability. 
Zero-day is the most dangerous form of attack because it means the vulnerability is known to hackers before Google could address and fix it.

As a precaution, the business has withheld certain information from the public, noting that complete specifics on how the exploit worked would not be made public until the majority of customers have the update.

Fortunately, Google was able to deploy a fix before the attack was widely publicised and Chrome version 99.0.4844.84 should be installed as soon as feasible.

The emergency Chrome update to version 99.0.4844.84 is unique in that it only fixes a single security flaw. As a result, all Chrome users are recommended to upgrade their browsers as soon as possible. This references the JavaScript engine employed by Chrome.

The lack of detail is not surprising as the flaw is already being exploited by attackers. Google will likely reveal technical details when an update is able to protect most of the company’s users. Remember to restart your browser after the update has been installed, or it will not activate, and you will still be vulnerable to attack.

Matzav:    Oodaloop:     Toolbox:    Forbes:     Medium:     Happy Geek:     Daily Advent:    Premium Times:

You Might Also Read: 

Log4j Cyber Security Flaw Seriously Concerns Experts:

 

« Russia Hacked Ukrainian Satellite Communications
Cyber Security: GCHQ's Director Speaks Out »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CERT.GOV.AZ

CERT.GOV.AZ

Azerbaijan Government Computer Incident Response Team

Skkynet Cloud Systems

Skkynet Cloud Systems

Skkynet is a leader in real-time data systems for the secure management and control of industrial processes (SCADA) and embedded devices (M2M).

Applied Risk

Applied Risk

Applied Risk is an established leader in Industrial Control Systems security, focused on critical infrastructure security and combating security breaches that pose a significant threat.

sayTEC

sayTEC

sayTEC's mission is to develop and deliver next-generation products and services in encrypted data and voice transmission.

NITA Uganda (NITA-U)

NITA Uganda (NITA-U)

NITA-U has put in place the Information security framework to provide Uganda with the necessary process, policies, standards and guideline to help in Information Assurance.

Pixalate

Pixalate

Pixalate is an omni-channel fraud intelligence company that works with brands and platforms to prevent invalid traffic and improve ad inventory quality.

International Cybersecurity Forum (FIC)

International Cybersecurity Forum (FIC)

The International Cybersecurity Forum (FIC) has established itself as the benchmark event in Europe in terms of digital security and trust.

Guidehouse

Guidehouse

Guidehouse is a leading global provider of consulting services to the public and commercial markets with broad capabilities in management, technology, and risk consulting.

Cybermerc

Cybermerc

Cybermerc's services, training programmes and cyber security solutions are designed to forge collaborations across industry, government and academia, for collective defence of our digital borders.

Senserva

Senserva

Senserva delivers a deep analysis for security user accounts and applications within the Microsoft cloud environment.

Query.ai

Query.ai

At Query.AI, we are committed to helping companies unlock the power of their security data, so they are empowered to meet security investigation and response goals while simultaneously reducing costs.

Deeper Network

Deeper Network

Deeper Network represents the world's first decentralized blockchain network for building a truly private, secure and fair Internet.

Entech

Entech

Entech is a managed IT service provider. We work behind the scenes on your network to ensure data security and integrity.

DV Cyber Security

DV Cyber Security

DV Cyber (formerly A76) is an innovative cyber security company vertically focused on Threat Intelligence and Cyber Security Research.

Zeus Cloud

Zeus Cloud

Zeus Cloud provide clients with world-class web hosting services to businesses both big and small.

Fivecast

Fivecast

Fivecast is enabling a safer world. We help organizations around the world explore masses of data to uncover actionable insights.