Google Chrome’s second zero-day in 2022
THREAT LEVEL: Red.
A zero-day vulnerability has been discovered in Google Chrome versions prior to 99.0.4844.84. The flaw, a type confusion vulnerability tracked as CVE-2022-1096, is acknowledged to be exploited in the wild.
This vulnerability affects the V8 component, which is used to parse JavaScript code in Google Chrome. Type confusion refers to coding errors in which an app begins processing data as a given “type” of input but is deceived into treating the input as a different “type”. The “type confusion” causes logic errors in how the software handles memory. Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code in the context of the browser.
We recommend organizations update to Chrome 99.0.4844.84 for Windows, Mac and Linux to avoid exploitation and mitigate any potential threats.
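To act on this recommendation across a fleet, the following added example (not part of the original advisory) triages reported Chrome version strings against the fixed build 99.0.4844.84. The hostnames and inventory strings are constructed sample data, and the function names are hypothetical.

```python
import re

FIXED = (99, 0, 4844, 84)  # first fixed build named in this advisory

# Four dot-separated numeric fields, not embedded in a longer dotted number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")

def parse_version(text):
    """Return the four-part version found in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(text):
    """Return 'vulnerable', 'patched' or 'unknown' for one reported string."""
    v = parse_version(text)
    if v is None:
        return "unknown"  # never assume patched when the version is unreadable
    # Compare numerically: as plain strings, "100.0..." sorts before "99.0...",
    # which would wrongly flag newer major versions as vulnerable.
    return "vulnerable" if v < FIXED else "patched"

def triage(inventory):
    """Map {host: reported string} to {host: status}."""
    return {host: classify(s) for host, s in inventory.items()}

# Constructed sample inventory (hostnames and strings are made up).
SAMPLE = {
    "ws-001": "Google Chrome 99.0.4844.82",
    "ws-002": "Google Chrome 99.0.4844.84",
    "ws-003": "100.0.4896.60",
    "ws-004": "98.0.4758.102",
    "ws-005": "Google Chrome (version unavailable)",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need manual follow-up rather than being counted as patched.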
Potential MITRE ATT&CK TTPs are:
TA0042: Resource Development
T1588: Obtain Capabilities
T1588.006: Obtain Capabilities: Vulnerabilities
TA0001: Initial Access
T1190: Exploit Public-Facing Application
Vulnerability Details

Patch Link
https://www.google.com/intl/en/chrome/?standalone=1
References
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1096