Researchers have been credited with identifying the type of confusion vulnerability that, according to MITRE, “can lead to out-of-bounds memory access” in languages without memory protection. These include languages like C and C++. MITRE continues to explain that type confusion vulnerabilities occur when “the program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.”
Google stated in the security update that they’re aware of exploit(s) in the wild. This is a zero-day vulnerability, with version 99.0.4844.84 for Windows, Mac, and Linux, which will roll out in the coming days/weeks. Chromium-based browsers* should also be updated when patches become available.
A popular target
Vulnerabilities in the V8 engine allow for powerful and reliable exploits, often via memory. In an interview with ZDNet in August, Google Project Zero team member Samuel Groß highlighted that most modern security technologies, like hardware-based mitigation, may often be bypassed by V8 vulnerabilities.
Between the wide adoption of Chrome and Chromium-based browsers and the technical details that make the V8 engine within these browsers a reliable attack vector, we’re likely to continue to see Chrome be a popular target for threat actors.
You can always fix vulnerabilities fast with Automox by using a “patch all” policy for every OS in your environment (which will also patch every third-party software we support).
Patch all policies ensure you fix vulnerabilities fast in the most common and highest risk applications. Use the device targeting feature to customize your policies so they are highly effective.
We recommend you set up these policies on a recurring schedule as patches have not yet been released – doing so will ensure you deploy updates as soon as they’re available. If you haven’t already, you can automate Chrome patching here.
*Chromium-based browsers include:
Many browsers use Chrome’s open-source Chromium codebase. Be sure to check if the browser you use is Chromium-based.
Patch the latest vulnerabilities with Automox today
Get up and running in 15 minutes or less.