Community, Diversity, Sustainability and other Overused Words

Backdoor in Google Chrome Browser, Forces Alphabet to Issue Unprecedented Emergency Security Update

Sukhdeepkakker at Google Inc Says Unprecedented Security Risk to you until you update your browser.

In a Chrome stable channel update announcement, published March 25, Google confirms it "is aware that an exploit for CVE-2022-1096 exists in the wild."

In an unprecedented response, Google Inc aka Alphabet, issued an emergency security update on its Chrome browser. It confirmed that attackers are exploiting "a high severity zero-day vulnerability," meaning your data could be mined by guys in a cafe in Lagos, Nigeria.

The emergency update to version 99.0.4844.84 of Chrome is highly unusual in that it addresses just a single security vulnerability," writes DAvey Winder, a senior contributor to Forbes. "A fact that only goes to emphasize how serious this one is."

"All Chrome users are therefore advised to ensure their browsers are updated as a matter of urgency," writes some guy in India named Sukhdeepkakker, who works for Google. No, I didn't make up his name, that's really it. Email me, and I'll forward the email to you. He was apparently last in line in Mumbai when they were passing out names.

What is CVE-2022-1096? Not much is known, at least publicly, at this stage about CVE-2022-1096 other than it is a "Type Confusion in V8." This refers to the JavaScript engine employed by Chrome. This holding back of detail is not unusual in such cases where a vulnerability is already being exploited by attackers. Google often will not reveal technical details until such a time as the update has been able to protect most of Chrome's 3.2 billion users.

Head for the Help|About option in your Google Chrome menu, and if the update is available, it will automatically start downloading.


Reader Comments(0)