Microsoft and Google release emergency patches for security vulnerabilities in Edge and Chrome

Google has released an emergency patch for the Windows, macOS and Linux versions of Chrome after the discovery of a zero-day vulnerability that the company says is being actively exploited.

The security fix comes as Microsoft releases a patch of its own for the same vulnerability (CVE-2022-1096) in Edge, its Chromium-based browser. While neither company has given much detail about the problem, Google describes it as being of high severity.

See also:

• Mozilla sets out its vision of the web of the future
• After tests, Microsoft has decided to add the 'System requirements not met' watermark to Windows 11
• Microsoft confirms it was hacked as Lapsus$ leaks 37GB of source code

Google's patch takes Chrome on all three platforms up to version Chrome 99.0.4844.84, with the company saying that external researchers contributed to discovering and fixing the problem. Because the vulnerability is known to be actively exploited, the company is giving away little detail, saying:

Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.

Google goes on to share some information about the fix:

[$TBD][1309225] High CVE-2022-1096: Type Confusion in V8. Reported by anonymous on 2022-03-23

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Google is aware that an exploit for CVE-2022-1096 exists in the wild. 

To obtain the update, Chrome users should open the main menu in the browser and select Help > About Google Chrome.

As Microsoft Edge is based on the same Chromium engine as Chrome, it is little surprise that there is also a patch available for this browser. As with Google, Microsoft's post in its Security Response Center gives little away saying simply:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Google is aware that an exploit for CVE-2022-1096 exists in the wild.

The update process for Edge is much the same as Chrome. Open the main menu in the browser and select Help and Feedback > About Microsoft Edge.

Image credit: Ilya Sergeevych / Shutterstock