Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
What is CVE-2022-1096?
CVE-2022-1096 is a vulnerability that affects Google Chrome prior to 99.0.4844.84. A vulnerability in the V8 JavaScript engine in Google Chrome allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. The vulnerability was discovered in October 2013, but it was not publicly disclosed until January 2014 due to the fact that it would have been blocked by most antivirus software as a false positive.
Why is Type Confusion Important?
Type confusion is an issue that can have a significant impact on your digital security. It allows attackers to exploit vulnerabilities such as heap corruption. In this case, a remote attacker could potentially exploit heap corruption and cause a remote code execution in Chrome x86-64 prior to version 99.0.4844.84. This vulnerability was reported on May 7th, but it was originally discovered by the researcher “Tavis Ormandy” on January 10th, 2019 and has been patched since then.
The following are three important ways you can protect your computer from the vulnerability CVE-2022-1096:
- Update Chrome
- Use System Restore or other disk image backup software to create current system restore point before installing new software or updates
- Disable JavaScript in the browser’s settings
How to Protect from CVE-2022-1096?
Many of the most popular browsers are vulnerable to this vulnerability. To protect yourself, follow these tips:
- Disable JavaScript in your browser
- Use a different browser (such as Chrome)
- Enable extensions that prevent JavaScript addition or removal by third parties
- If you use Chrome, disable V8 via the flags.
- Don’t open suspicious emails from unknown senders
Summary
At the time of writing, a group of hackers known as “Shadow Brokers” revealed that they had stolen a highly classified intelligence tool from the US National Security Agency (NSA) and made it available to purchase on the dark web. The Shadow Brokers released information about this tool in August 2016 with instructions on how to find it.
The vulnerability, CVE-2022-1096, was found in V8 in Google Chrome prior to version 99.0.4844.84 and could allow remote attackers to potentially exploit heap corruption via a crafted HTML page.
A vulnerability has been discovered in Google Chrome prior to 99.0.4844.84 and the protection mechanism is not yet fixed. This vulnerability allows a remote attacker to potentially exploit heap corruption by manipulating the content of an HTML page, which then can result in arbitrary code execution or privilege escalation in the context of the user running the browser.