1. Summary
Vulnerability Name | Google Chromium V8 Type Confusion Vulnerability (CVE-2022-1096) |
---|---|
Component Name | V8 |
Affected Versions | Google Chrome < 99.0.4844.84 |
Vulnerability Type | Type Confusion |
Exploitability | Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: Required |
Impact | Severity: High; CVSS v3 Base Score: 8.8; Confidentiality Impact: High; Integrity Impact: High; Availability Impact: High |
2. About CVE-2022-1096
2.1 Introduction
V8 is a free and open-source JavaScript engine developed by the Chromium Project for Google Chrome and Chromium-based web browsers.
2.2 Summary
A type confusion vulnerability in V8 in Google Chrome allows a remote attacker to potentially exploit heap corruption via a malicious website with a specially crafted HTML page.
CVE-2022-1096 was added to CISA’s Known Exploited Vulnerabilities Catalog on March 28, 2022, and Google is aware that an exploit exists in the wild.
3. Affected Versions
Google Chrome < 99.0.4844.84
4. Solutions
4.1 Remediation Solutions
Update Google Chrome to the latest version to fix this vulnerability. To update Google Chrome:
- On your computer, open Chrome
- At the top right, click More ⋮
- Click Help and then About Google Chrome
- Click Update Google Chrome
- Important: If you can't find this button, you're on the latest version
- Click Relaunch
5. Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-1096
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
6. Learn More
Sangfor FarSight Labs researches the latest cyberthreats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyberthreats, providing fast and easy protection for customers.