Chrome and Edge hit with V8 type confusion vulnerability with in-the-wild exploit

Image: slyellow/Shutterstock

Google is urging users on Windows, macOS, and Linux to update Chrome builds to version 99.0.4844.84, following the discovery of a vulnerability that has an exploit in the wild.

Due to the this, the browser maker is being tight lipped on details.

“CVE-2022-1096: Type Confusion in V8. Reported by anonymous on 2022-03-23,” was as far as Google would explain the issue.

V8 is Chrome’s JavaScript engine — it is also used server-side in Node.js, but has not yet said it is impacted.

Google added that bug details would be restricted until a majority of users had updated the browser.

“We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed,” it said on Friday.

A day later, Microsoft issued its own notice and said the issue was fixed in Edge version 99.0.1150.55 released the same day.

At the start of the month, Google said it was seeing more Chrome zero-day flaws in the wild.

Related Coverage

Read More: https://www.zdnet.com/article/chrome-and-edge-hit-with-v8-type-confusion-vulnerability-with-in-the-wild-exploit/#ftag=RSSbaffb68