According to the latest report, Google officially issued a Chrome risk warning, reporting a vulnerability numbered CVE-2022-1364, with a vulnerability level of “high risk” and a vulnerability score of “8.5”. The difficulty of exploitation is low, and it is emphasized that the vulnerability has been detected and exploited.
Join tip3x on Telegram
Now, Google has released the latest Chrome 100.0.4896.127 for Windows, Mac, and Linux, and successfully fixed this vulnerability. It also recommends that Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi fix this vulnerability as soon as possible.
The urgently patched vulnerability is CVE-2022-1364, a high-severity type confusion vulnerability that causes Chromium V8 to type confusion, affecting the JavaScript engine used in the browser. Such vulnerabilities can often cause the browser to crash or execute arbitrary code after successfully reading or writing memory that exceeds the buffer limit.
Moreover, Google Chrome code is written based on other open-source software, including Apple WebKit and Mozilla Firefox, and on this basis has developed this “V8” high-performance JavaScript engine.
The vulnerability was first discovered by Clément Lecigne, a researcher on Google’s Threat Analysis team, and has identified it as a high-risk vulnerability. Google also said that programs that exploited the vulnerability to attack others have started circulating on the Internet.
It is reported that this is the third Chrome zero-day vulnerability discovered since the beginning of this year. Google urgently patched two other types of confusion vulnerabilities in the v8 engine in mid-February and end-March, respectively, CVE-2022-0609 and CVE-2022-1096.
