the web browser Chrome it is in the stable version 99.0.4844.84 by Linux, Mac OS and Windows published. It only contains a single bug fix, with which the manufacturer closes a security hole that was reported anonymously on Wednesday of the week. The exploit code for the vulnerability has already appeared in the wild, the company confirms.
In the release blog, Google developers only list one vulnerability that seals the new version. As usual, they are reluctant to provide details on user protection at the moment. Only a brief description explains that this is a type confusion vulnerability.
No details known so far
The program does not correctly check the type of transferred data, which can lead to all kinds of errors due to the lack of type conversion and data structures of different sizes, for example, in subsequent copy operations; Resulting buffer overflows are conceivable, allowing injected malicious code to be executed.
The vulnerability affects According to Google’s launch blog post The Chrome V8 JavaScript Engine (CVE-2022-1096). Chrome developers claim that risk vulnerability as high a. Details of the vulnerability are lacking, but visiting a maliciously crafted website is likely enough to exploit the vulnerability: JavaScript can be used by any website.
The update should be distributed in the coming days and weeks. However, it is advisable to check if the bug-fixed version is already installed after clicking the three-dot menu in “Help” – “About Google Chrome” in the menu at the top right. If necessary, this starts the download and installation.
To activate the new version, a browser restart is required. Most recently, Google closed critical security holes in the Chrome web browser nearly two weeks ago.
(DMK)