Google Issues Warning For Billions Of Chrome Users

03/28 Update below. This post was originally published on March 26

Google has issued an urgent upgrade warning to its billions of Chrome users around the world. Here is everything you need to know to stay safe.

MORE FROM FORBESGoogle Confirms Rise In Serious Chrome Attacks – And Why

Google issued the warning on its official Chrome blog, revealing that Chrome on Windows, macOS and Linux is vulnerable to a new ‘zero-day’ hack (CVE-2022-1096). Zero-day is the most dangerous form of attack because it means the vulnerability is known to hackers before Google could issue a fix. As the company admits, “Google is aware that an exploit for CVE-2022-1096 exists in the wild.” This means every Chrome user is vulnerable.

03/28 Update: Microsoft has now confirmed that the same zero-day hack affects its Edge browser. The company published a new update on its Security Response Center confirming that the exploit impacts all Chromium-based browsers: “The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based).” This means that other Chromium-based browsers, including Amazon Silk, Brave, Opera, Samsung Internet (bundled on its Galaxy smartphones), Vivaldi and Yandex browser are all highly likely to have been affected.

Microsoft also confirms that it has released a fix for Edge based on the Chromium update that Google already launched for Chrome. To get it, follow these steps:

  1. In your Microsoft Edge browser, click on the 3 dots (…) on the very right-hand side of the window
  2. Click on ‘Help and Feedback’
  3. Click on ‘About Microsoft Edge’

Microsoft states that the patched version of Edge is 99.0.1150.553, so if your browser is showing a lower number then you are still vulnerable.

Google is currently restricting information about the exploit to buy time for Chrome users to upgrade. At the time of publication, all the company has revealed is the threat level (“High”), the area of ​​attack and who discovered it (it was an anonymous tip-off):

  • High – CVE-2022-1096: Type Confusion in V8. Reported by anonymous on 2022-03-23

V8 is Chrome’s component that’s responsible for processing JavaScript, the engine at the heart of Chrome, and the hack tricks the browser into running a different type of (in this case, malicious) code. V8 attacks have been relatively rare in recent months but they can be among the most dangerous, if a hacker is able to create a successful exploit.

In response, Google has announced an emergency update for Chrome (99.0.4844.84) ​​“for Windows, Mac and Linux which will roll out over the coming days/weeks”. To check your browser version, navigate to Settings > Help > About Google Chrome — this will also force Chrome to check for updates. Note: you are not protected until you restart the browser.

This is Chrome’s second zero-day hack in 2022, a relatively low number despite Google warning zero-day hacks are rising. Take no changes, check your browser right now.

___

Follow Gordon on Facebook

More On Forbes

New Edge, Firefox, Chrome ‘100’ Updates Will Break Some Websites

Google Confirms ‘Critical’ New Chrome Hack, Issues Urgent Fix

.

Leave a Reply