Google released a patch for Chrome 99 that fixes a zero-day vulnerability in the V8 JavaScript engine

Google has released an out-of-band update, Chrome 99.0.4844.84, for Windows, macOS and Linux. It fixes a zero-day vulnerability that attackers have already exploited in the wild. The flaw is tracked as CVE-2022-1096 and is a type confusion issue, i.e. insufficient checking of object types, in Chrome's V8 JavaScript engine.

Google is not yet disclosing details of the vulnerability while browser updates roll out. The fixed version is already shipping on the Stable Desktop channel and will reach all users in the coming days or weeks. Updates are installed automatically in the background; alternatively, the user can open the "Help" item in the program menu, go to "About Google Chrome", and then restart the browser.
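An administrator rolling this fix out wants to know which machines are still below the fixed build. The following is an added example, not code from the article or from Google: a small inventory check that compares Chrome versions numerically against 99.0.4844.84 (a plain string comparison would rank 100.0.x.y below 99.0.4844.84); the hostnames and version values in the sample list are constructed.

```python
"""Flag Chrome installs still below the build that fixes CVE-2022-1096."""
from typing import List, Tuple

# Version that ships the fix, as stated in the article.
FIXED_VERSION = "99.0.4844.84"


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted Chrome version ('99.0.4844.84') into an int tuple.

    Raises ValueError for anything that is not four dotted integers, so a
    garbled inventory entry is surfaced instead of silently counted as safe.
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Chrome version format: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True if `version` is at or above the build that fixes CVE-2022-1096."""
    return parse_version(version) >= parse_version(fixed)


def find_unpatched(inventory: List[Tuple[str, str]]) -> List[str]:
    """Return hostnames whose Chrome build predates the fix.

    Entries with unparseable versions are reported too: an unknown version
    is treated as unpatched until verified.
    """
    unpatched = []
    for host, version in inventory:
        try:
            if not is_patched(version):
                unpatched.append(host)
        except ValueError:
            unpatched.append(host)
    return unpatched


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("ws-01", "99.0.4844.51"),   # earlier Chrome 99 build, still vulnerable
    ("ws-02", "99.0.4844.84"),   # exactly the fixed build
    ("ws-03", "100.0.4896.60"),  # later major; lexical compare would get this wrong
    ("ws-04", "98.0.4758.102"),  # older major
    ("ws-05", "unknown"),        # inventory gap, flagged for follow-up
]

if __name__ == "__main__":
    for host in find_unpatched(SAMPLE_INVENTORY):
        print(f"{host}: Chrome below {FIXED_VERSION}, update required")
```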

That the vulnerability lies specifically in the Chrome V8 engine was reported by an anonymous cybersecurity specialist. According to him, successful exploitation allows reading from or writing to memory outside the buffer, as well as arbitrary code execution.

“Access to bug details and links may be kept restricted until a majority of users receive the fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on but have not yet fixed,” Google said.

A year ago, a researcher had already released a working exploit for a V8 JavaScript engine vulnerability in Chromium-based browsers. When the PoC HTML file and its accompanying JavaScript file are loaded in the browser, they exploit the vulnerability to launch the Windows Calculator (calc.exe). For the exploit to work, however, it has to be chained with another vulnerability that bypasses the Chromium sandbox. Google subsequently updated the engine.

In August 2021, Microsoft announced that it was experimenting with a new "Super Duper Secure Mode" feature in Edge to improve security without significant performance hits. When enabled, the new mode removes JIT compilation from the V8 processing pipeline, reducing the attack surface. It turned out that about 45% of the vulnerabilities found in the V8 JavaScript and WebAssembly engine were related to the JIT engine, and more than half of all "normal" Chrome exploits use JIT bugs.