There are three inevitabilities in life: death, taxes, and software updates. Programs like Chrome can never be perfect, and security flaws will inevitability be discovered—the goal is just to squash those flaws with an update before bad actors can take advantage of them. Today, Chrome and Edge users find themselves in such a situation.
What’s wrong with Google Chrome?
Google dropped a new update for Chrome (version 99.0.4844.84) on Friday, March 25, with an accompanying changelog detailing a single security vulnerability. The zero-day flaw, CVE-2022-1096, is identified as high severity, and is a type confusion weakness in the Chrome V8 JavaScript engine.
Type confusion flaws occur when code reads or writes memory of the wrong type without checking ahead of time. While that often leads to the software simply failing, it can allow bad actors to exploit that process in order to run their own code.
The interesting thing about this update, however, is Google’s lack of detail about the flaw’s exploitation. The company confirmed the existence of attacks in the wild exploiting CVE-2022-1096, but didn’t elaborate beyond that. Google clearly wants enough users to update their browsers before sharing more information about this zero-day flaw in order to prevent more hackers from taking advantage of it.
Why do Microsoft Edge users need to update?
While it’s obvious to Chrome users to update their browsers, it’s important that Edge users do so as well. That’s because Microsoft built their browser using Chromium, the open-source codebase Chrome is powered by. Because they are both Chromium browsers, Chrome and Edge alike are threatened by this zero-day flaw, and need to be updated immediately.
How to update Chrome and Edge
Fortunately, it’s easy to check for updates for both browsers. Just click the three dots in the top-right corner of your browser window, head to “Help” (Chrome) or “Help and feedback” (Edge), then choose “About Google Chrome” or “About Microsoft Edge.” Here, you’ll be able to see if there is an available update to install. If so, go ahead and do so as soon as possible.
from Lifehacker https://ift.tt/Pma6tVy
0 comments:
Post a Comment