Google noted the vulnerability as a “Type Confusion in V8,” and nothing else. The company said to hold more information on this bug until the majority of users update their browsers. Also, it retains the restrictions if the bug exists in a third-party library where other projects rely on and are yet to patch.
Vulnerability in Chrome and Edge Browsers
We often see different types of bugs arising in most software platforms. And it’s the duty of both the OEM and users to keep themselves updated by patching as soon as they find out. And this process often involves the OEM officially disclosing the details of bugs too. But, Google is holding the information about a bug (CVE-2022-1096) it was told recently and is awaiting more users to update before sharing it publicly. Noted as a Type Confusion in V8, Google said the working exploit for this vulnerability is in wild, thus not disclosing the details. V8 is Chrome’s JavaScript engine and is used server-side in Node.js. While it’s not impacted yet, it’s just the criticality of the bug that forces Google to stay calm. The company also said it will “retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.” Google released Chrome version 99.0.4844.84 with a patch for this bug in it, recommending users to update immediately. And a day later, Microsoft issued a similar notice saying that the bug was fixed in its Edge version 99.0.1150.55. As the OEMs have already done their part, it’s now the duty of the end-users to update their browsers to stay secured.