Cyber Security Bulletin: Hackers Exploit Critical Chrome & Edge Vulnerability

Both Google and Microsoft are pushing emergency updates to patch a critical vulnerability in their browsers. Hackers are actively exploiting this vulnerability, which allows for remote code execution within the browser Javascript engine.

This vulnerability, called CVE-2022-1096, was reported to Google by an anonymous user or researcher. It appears to affect all Chromium-based browsers, including Opera and Brave.

Details on the vulnerability are slim, but we do know that the vulnerability allows for “type-confusion” attacks in the browser V8 Javascript engine. Basically, hackers can confuse the browser, forcing it to read and write data on your machine without permission.

At this time there is limited official information from the browser vendor. We suggest that you update Chrome and Edge immediately to avoid the problem.

Google will reveal more information on this vulnerability once a majority of its users install the emergency update. The company will also wait for other Chromium browsers to patch the problem—Microsoft Edge is rolling out its fix, but competitors like Brave and Opera are still working on it.

Please reach out to your SRG Contact for more information on how to protect yourself and your business. Alternatively, you can contact SRG at admin@securityresourcegroup.com.