Attackers have been exploiting a high-severity vulnerability in the Chrome browser for some time now. Google has released a third emergency security update for 3.2 billion users of the Chrome web browser to fix the problem.
The latest security update discloses a single high-severity vulnerability and follows two earlier back-to-back emergency updates, all within three weeks. It completes a nerve-racking triumvirate of threats, and Google has acknowledged that attackers have exploited the zero-day vulnerability.
In other words, the third patch aims to fix a type confusion vulnerability that attackers are actively exploiting. Google has reportedly issued fixes for two weaknesses in Chrome. One of the two vulnerabilities is already exploited in the wild.
The emergency updates issued by Google affect almost three billion users of the Chrome browser, as well as those who use other browsers like Brave, Vivaldi, and Edge. One of the vulnerabilities is rated high severity and tracked as CVE-2022-1364. It is a zero-day bug that attackers have actively abused.
In a type confusion flaw, a program allocates a resource, such as an object, using one type and later accesses that resource using another, mismatched type. The vulnerability can lead to out-of-bounds memory access in programs written in languages such as C and C++.
Because of this mismatch, the browser can crash or run into logic errors. It is also possible to exploit the vulnerability to execute arbitrary code. According to the Internet Security Center, an attacker can view, modify, or delete data, depending on the privileges associated with the application. If the application is configured with fewer user rights on the relevant system, exploiting the most severe vulnerability could have less impact than if it were configured with administrative rights.
Google's alert classifies the flaw as a type confusion vulnerability in V8, the Chromium JavaScript engine used by the web browser. Clement Lecigne, part of Google TAG, reported the vulnerability on 13 April, and Google announced the fix the same day. The alert stated that the company was aware of active exploitation of CVE-2022-1364 in the wild.
Google officials haven’t shared much detail about the vulnerability, declaring that the company will keep links and information restricted until most users have been updated with the fix, which takes the Chrome web browser to version 100.0.4896.127 across Linux, Mac, and Windows platforms. The company will also keep the restrictions in place if the vulnerability exists in a third-party library that other projects similarly depend on but have not yet fixed.
Chrome will apply the security updates issued by Google in the coming weeks. The browser installs these updates when you close and relaunch it. Experts believe Google should get used to issuing these types of emergency security fixes. Recently, Microsoft and Google released updates to fix an actively exploited flaw in the Chromium V8 JavaScript engine. The bug, known as CVE-2022-1096, was a high-severity flaw in Edge, Chrome, and other web browsers. According to the TAG team, two North Korean threat groups had been exploiting a remote code execution vulnerability tracked as CVE-2022-0609 in the Chrome web browser in campaigns dubbed Operation AppleJeus and Operation Dream Job.
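
To confirm that a fleet has actually picked up the fix, the version string each host reports can be compared with the fixed build 100.0.4896.127 named above. The following is an added example, not code from Google or from the original article; the host names and the inventory are constructed, and it covers only Google Chrome, since the article gives no fixed build numbers for other Chromium-based browsers.

```python
import re

# Fixed build named in the article for CVE-2022-1364 (Linux, Mac, Windows).
FIXED_BUILD = (100, 0, 4896, 127)

# Exactly four dot-separated numeric components, not part of a longer number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the four-part Chrome version found in text as ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_output):
    """Classify one host's version output as patched, vulnerable or unknown."""
    version = parse_version(version_output)
    if version is None:
        return "unknown"  # empty or truncated output: needs manual follow-up
    # Tuples compare numerically per component. Comparing the raw strings
    # would wrongly rank "100.0.4896.88" above "100.0.4896.127".
    return "patched" if version >= FIXED_BUILD else "vulnerable"


def audit(inventory):
    """Map host -> status for an inventory of {host: version output}."""
    return {host: classify(output) for host, output in inventory.items()}


# Constructed inventory: host names and reported strings are made up,
# shaped like the output of `google-chrome --version`.
SAMPLE_INVENTORY = {
    "ws-001": "Google Chrome 100.0.4896.127 ",
    "ws-002": "Google Chrome 100.0.4896.88",
    "ws-003": "Google Chrome 99.0.4844.84",
    "ws-004": "Google Chrome 101.0.4951.41",
    "ws-005": "",
    "ws-006": "Google Chrome 100.0.4896",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` returned no parsable version and should be checked by hand rather than assumed patched.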