⚡ TL;DR | Go Straight to the Chrome 99 0-day Report
Google released a new version for Chrome 99 this weekend fixing one specific security issue listed as CVE-2022-1096. The new version with version number 99.0.4844.84 was released on March 25. Google mentions in its Chrome release post that it is aware that an exploit for CVE-2022-1096 exists in the wild.
- CVE-2022-1096 – Type Confusion in V8. Reported by anonymous on 2022-03-23
The vulnerability is a type confusion vulnerability in the V8 JavaScript engine. Explained simple, a type confusion allows attackers to access data in an unauthorized way, thereby executing malicious code. In detail, when the program accesses the resource using an incompatible type, this could trigger logical errors because the resource does not have expected properties. In languages without memory safety, such as C and C++, type confusion can lead to out-of-bounds memory access.
To aid in finding exactly which devices are not updated yet, the report below provides an overview of all Chrome installations and their version. It is color-coded to indicate which devices are safe and which devices still need to be updated.