Emergency Google Chrome Update Addresses Vulnerability

Emergency Google Chrome Update Addresses Vulnerability

Details

On March 25th, 2022 Google published a security advisory referencing CVE-2022-1096 indicating that it is “aware that an exploit for CVE-2022-1096 exists in the wild.”

Google has not released any details on the method of exploit, or other specifics of the exploit. 

Simultaneously, Google has released Chrome version 99.0.4844.84 to address this vulnerability which is available on the Stable Desktop channel. 

Google describes this as a high severity vulnerability which is considered a type confusion weakness. This vulnerability is in Chrome’s JavaScript engine and was submitted by an anonymous source. 

This is the second zero-day Chrome vulnerability with exploits in the wild in 2022 with the first being CVE-2022-0609 (also resolved via update in February). 

Recommended Action

Because of Google’s admission that an exploit already exists for this vulnerability and the release of an update to resolve it, it is strongly recommended that all organizations which can update to the latest Chrome version 99.0.4844.84 do so. 

While Google Chrome can be manually updated, the level of effort required and lack of feedback and logging may not make this the preferred option for most organizations. 

If your organization maintains a centralized software patch management platform that can handle upgrading third-party applications, they can be used to deploy the latest Google Chrome version to address the vulnerability. Examples of such solutions include Microsoft Endpoint Manager (Configuration Manager, Microsoft Intune) and Kaseya VSA with Software Management. 

Microsoft Group Policy also provides options both to force Chrome to automatically update via custom Google Chrome administrative templates or to deploy Google Chrome through Software installation computer group policies. 

For how Anexinet can help keep your endpoints secure against ever-evolving cyber security threats, please reach out to your Service Delivery Manager, Account Executive, or contact us here. 

Have industry news sent right to your Inbox

Name
This field is for validation purposes and should be left unchanged.

Related Content

data security

Building Cyber Resilience: Ensure Data Is Available
Read More →
Russia Ukraine Cyber Conflict Security Alert

Security High Alert during Russia-Ukraine Cyber Conflict
Read More →

Episode 70: Zero Trust with Palo Alto 
Read More →
DNS Security

Why Organizations Need DNS Threat Intelligence
Read More →
by Ben Birnstein
Share on

Facebook sharing Linkedin sharing button Twitter sharing button
Ben Birnstein

Service Delivery Manager

Cloud/Systems Engineer with a demonstrated history of expertise in project management and execution. Skilled with VMware data centers, Azure-hosted and Microsoft Server environments. Experience in strategy and architecting of solutions in cloud-first and cloud-only environments. Focusing on business cases for cost-driven migrations and solutions.

Follow:

Linkedin Logo