Google releases patch for high-severity Chrome vulnerability

Google releases patch for high-severity Chrome vulnerability

Posted on

Google LLC said Thursday that it’s releasing a security patch to fix a high-severity vulnerability in its Chrome browser.

The vulnerability is known as CVE-2022-1364. Google is “aware that an exploit for CVE-2022-1364 exists in the wild,” the company stated. 

Google’s patch for the vulnerability is set to roll out in the coming days and weeks. In Thursday’s announcement of the patch, the search giant shared few technical details about the vulnerability, noting that “access to bug details and links may be kept restricted until a majority of users are updated with a fix.” Chrome has about 3 billion users worldwide.

Google did disclose that the vulnerability affects the browser’s V8 JavaScript engine. The engine is responsible for processing the JavaScript code in web pages.

Before a computer can load a web page, the web page must be turned into a form that the computer’s central processing unit can run. That’s the task the V8 engine performs: It compiles websites’ JavaScript code into machine code, the low-level language that a CPU uses to carry out computations. V8 also makes optimizations to speed up loading times. 

V8 is included in not only Chrome but also Chromium, an open-source project that contains much of the code for Google’s popular browser. That’s significant because Chromium is the basis of several other browsers including Microsoft Edge. Google didn’t specify in its Thursday announcement of the vulnerability whether Microsoft Edge may be affected as well.

The search giant described the vulnerability as a type confusion flaw. In an application such as a browser, there are many components that ingest data and then use it to carry out computations. Often an application component can’t ingest any type of data, but rather focuses on processing one specific type of input. Type confusion vulnerabilities such as the flaw Google patched in Chrome this week emerge when an application component receives input that it was not designed to process.

A type configuration vulnerability in an application can potentially enable hackers to launch cyberattacks. The severity of the newly detailed Chrome vulnerability is rated “High,” the second-highest severity grade that a vulnerability can receive after “Critical.”

CVE-2022-1364 is the second type of confusion flaw affecting Chrome’s V8 engine that Google has patched in the past month. Google detailed the previous vulnerability on March 25. That vulnerability also affected Chromium, the open-source project on which Microsoft Edge is based, which led Microsoft Corp. to release a patch for its browser.

Image: Google

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *