Hackers Exploit a Critical Chrome and Edge Vulnerability, Update Now to Fix It


Both Google and Microsoft are pushing emergency updates to patch a critical vulnerability in their browsers. Hackers are actively exploiting this vulnerability, which allows for remote code execution within the V8 JavaScript engine. We suggest that you update Chrome and Edge immediately to avoid the problem.

This vulnerability, called CVE-2022-1096, was reported to Google by an anonymous user or researcher. It appears to affect all Chromium-based browsers, including Opera and Brave. Details on the vulnerability are slim, as Google doesn’t want to share any information that may be useful to hackers.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

We do know that CVE-2022-1096 allows for “type-confusion” attacks in the V8 JavaScript engine. Like all things JavaScript, this is a bit difficult to explain, and Google is being pretty tight-lipped. So, here’s the gist: hackers can confuse the V8 engine, forcing it to read and write data on your machine without permission.

Google will reveal more information on this vulnerability once a majority of its users install the emergency update. The company will also wait for other Chromium browsers to patch the problem—Microsoft Edge is rolling out its fix, but competitors like Brave and Opera are still working on it.

Both Chrome and Edge are supposed to update automatically. That said, you should paste chrome://settings/help or edge://settings/help in your address bar to see that you’re running version 99.0.4844.84 of Chrome or version 99.0.1150.55 of Microsoft Edge.
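If you look after more than one machine, the same check can be scripted. The Python below is an added example, not from Google or Microsoft; it assumes each inventory line is a product name followed by a four-part version, uses constructed sample lines, and treats any build at or above the versions named above as carrying the fix.

```python
import re

# Fixed builds named in the article. Other Chromium browsers have no patched
# version on the page, so they are reported as "unknown" rather than guessed.
PATCHED = {
    "chrome": (99, 0, 4844, 84),
    "edge": (99, 0, 1150, 55),
}
# Product names as assumed to appear in an inventory line, mapped to a key.
PRODUCTS = [("microsoft edge", "edge"), ("google chrome", "chrome")]
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def classify(line):
    """Return (product, version_tuple, status) for one inventory line."""
    lowered = line.lower()
    product = next((key for name, key in PRODUCTS if name in lowered), None)
    match = VERSION_RE.search(line)
    if match is None:
        return product, None, "unparsed"
    # Compare as integer tuples: as strings, "99.0.4844.9" would sort above
    # "99.0.4844.84" and "100.x" would sort below "99.x".
    version = tuple(int(part) for part in match.groups())
    if product is None:
        return None, version, "unknown"
    # Assumption: any build at or above the fixed one includes the fix.
    status = "patched" if version >= PATCHED[product] else "needs-update"
    return product, version, status


# Constructed sample inventory, not output captured from real machines.
SAMPLE = [
    "Google Chrome 99.0.4844.84",
    "Google Chrome 99.0.4844.9",
    "Google Chrome 100.0.4896.60",
    "Microsoft Edge 99.0.1150.46",
    "Opera 85.0.4341.18",
    "Google Chrome (not installed)",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        _, _, status = classify(entry)
        print(f"{status:13} {entry}")
```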

Source: Google via Forbes