Google issues emergency security warning for 3.2 billion Chrome users

Google has issued an emergency security update for all Chrome users as it confirms that attackers are already exploiting a high severity zero-day vulnerability.In a Chrome stable channel update announcement, published March 25, Google confirms it "is aware that an exploit for CVE-2022-1096 exists in the wild." All Chrome users are therefore advised to ensure their browsers are updated as a matter of urgency. You can check your version number by opening the chrome menu, going to “Help”, then “About Google Chrome”. 

This page will check your version and confirm whether you are fully up to date and tell you the version you are on. Tracked as CVE-2022-1096, the zero-day flaw relates to a type confusion vulnerability in the V8 JavaScript engine. An anonymous researcher has been credited with reporting the bug on March 23, 2022.Type confusion errors, which arise when a resource (e.g., a variable or an object) is accessed using a type that's incompatible to what was originally initialized, could have serious consequences in languages that are not memory safe like C and C++, enabling a malicious actor to perform out-of-bounds memory access. The tech giant acknowledged it's "aware that an exploit for CVE-2022-1096 exists in the wild," but stopped short of sharing additional specifics so as to prevent further exploitation and until a majority of users are updated with a fix.CVE-2022-1096 is the second zero-day vulnerability addressed by Google in Chrome since the start of the year, the first being CVE-2022-0609, a use-after-free vulnerability in the Animation component that was patched on February 14, 2022.