Google Urges Everyone To Patch This Actively Exploited Chrome Flaw ASAP

scaled chrome
Google is warming of a major security flaw in chrome and is recommending users update their browsers ASAP.

Yesterday, Google issued a security update on the Stable Channel for the Google Chrome web browser. The bug, labeled as CVE-2022-1096, takes advantage of an issue with variable types in the V8 JavaScript Engine for Google Chrome. According to Google and other security researchers, malware creators are already taking advantage of the vulnerability. As such, Google has issued a statement encouraging all users to update the browser as soon as possible.

While the bug report on Chromium's issue page is locked down, the method of execution is already known. The error is a "type confusion error." Effectively, if a variable or memory location is accessed using the wrong type it can cause a crash or memory out of bounds fault, sometimes allowing arbitrary code execution. It is a common issue in languages that are not considered type-safe, such as C, C++, or even JavaScript, which is where the threat comes from in web browsers. While there is type-safe JavaScript, known as TypeScript, unfortunately, the actual execution on the software running the code still runs as JavaScript itself.
javascript code
The basic concept of Type-Safe code is that you always know what kind of data you are handling. In most forms of JavaScript, you can declare any variable and it will take any type, a string, an integer, etc. But in type-safe code, you have to declare your variable as well as the type of variable the code should expect, meaning you can't store a string into an integer.

The vulnerability, which as stated, is believed to already be in use, is also present in Chromium, the development form of the Chrome web browser. Chromium is also the basis for numerous other web browsers and applications, including Microsoft Edge, Opera, Vivaldi, Brave, and even the Electron development libraries. As such Google has also stated that they encourage developers to make sure they update and issue patches to their users.
Screenshot of the update panel in Google Chrome

In order to check if Google Chrome is up to date, or to force an update you can visit chrome://settings/help via your address bar and check to see if the current version shown is 99.0.4844.84 or greater. If it is then you're good to go, if not you should see a prompt allowing you to update.