On March 25th, 2022 Google published a security advisory referencing CVE-2022-1096 indicating that it is “aware that an exploit for CVE-2022-1096 exists in the wild.”
Google has not released any details on the method of exploit, or other specifics of the exploit.
Simultaneously, Google has released Chrome version 99.0.4844.84 to address this vulnerability which is available on the Stable Desktop channel.
Google describes this as a high severity vulnerability which is considered a type confusion weakness. This vulnerability is in Chrome’s JavaScript engine and was submitted by an anonymous source.
This is the second zero-day Chrome vulnerability with exploits in the wild in 2022 with the first being CVE-2022-0609 (also resolved via update in February).
Because of Google’s admission that an exploit already exists for this vulnerability and the release of an update to resolve it, it is strongly recommended that all organizations which can update to the latest Chrome version 99.0.4844.84 do so.
While Google Chrome can be manually updated, the level of effort required and lack of feedback and logging may not make this the preferred option for most organizations.
If your organization maintains a centralized software patch management platform that can handle upgrading third-party applications, they can be used to deploy the latest Google Chrome version to address the vulnerability. Examples of such solutions include Microsoft Endpoint Manager (Configuration Manager, Microsoft Intune) and Kaseya VSA with Software Management.
Microsoft Group Policy also provides options both to force Chrome to automatically update via custom Google Chrome administrative templates or to deploy Google Chrome through Software installation computer group policies.
For how Anexinet can help keep your endpoints secure against ever-evolving cyber security threats, please reach out to your Service Delivery Manager, Account Executive, or contact us here.
Service Delivery Manager
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.