This is not a drill: If you use Chrome or Edge, update your browser immediately to protect against a newly discovered vulnerability in the V8 JavaScript engine. Released on Friday, Chrome version 99.0.4844.84 patches issue CVE-2022-1096—which Google says already has a known exploit.
Microsoft Edge version 99.0.1150.55 also addresses this bug. Users of other Chromium browers like Opera should be on alert for brower updates as well.
Details on how the vulnerability explicitly works have yet to be released, as is common during early days for high-severity flaws. Companies often delay in explanations in order to give affected parties time to apply fixes or eliminate the issue in affected third-party code. For the moment, Google has only shared that this bug was reported anonymously on March 23, and that it is a type confusion bug. Type confusion bugs can be exploited to execute malicious code.
Browsers with pending updates should see a green dot on the settings icon of their window (usually a three-dot icon in the far upper right part of the screen). If you don’t, here’s how to check your browser version:
- Chrome: Click on the three-dot settings icon on the far right of your menu bar. Then choose Help > About Google Chrome. You can also instead type chrome://settings/help into your address bar.
- Edge: Click on the three-dot settings icon on the far right of your menu bar. Then choose Help and feedback > About Microsoft Edge. You can also instead type edge://settings/help into the address bar.
Checking settings in other Chromium-browers should be similar, though the location of your settings icon may be in a different location. For example, Opera puts that menu in the far upper-left corner of the window.
