In the wake of woes surrounding zero-day hacks on web browsers and their forthcoming 100 iteration update, Microsoft has taken steps to introduce Edge security parameters in a new browser update published on its Security Response Center page. The company addressed the aforementioned exploits concerns and which browsers are most affected.
Microsoft explicitly implies that the hacks are most associated with Chromium-based browsers, saying specifically, "The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based)." Essentially, Microsoft explains that such browsers as Opera, Brave, Galaxy smartphone-based browsers (Samsung Internet), Yandex, Amazon Silk, and Vivaldi are all affected by the exploits.
Google has updated the zero-day bug affecting all versions prior to 99.0.4844.84, which allowed hackers to remotely target systems and integrate arbitrary code. The issues mainly stemmed from the V8 JavaScript engine component's miscommunication due to a type confusion error, which gave bad actors the potential to take full control over a user's system following sending said user to an exploited webpage.
Related Article: Google Home Speaker: How to Replace Default Music Streaming App with Spotify, YouTube Music, More
To check if you are updated or have updated your Google Chrome browser to 99.0.4844.84, simply press the three dots at the top right of the browser and scroll down to "Help." From here, enter "About Google Chrome," and the update should automatically start. This goes for generally all other Chromium-based browsers.
Via Google's own update to Chrome, Microsoft has likewise issued a similar release fix for Edge on the Chromium update, which features almost identical steps as to Chrome. For those on Chromium-based Edge browsers, take the following actions to ensure your browser is updated and secure from the zero-day exploits:
- Click the three dots at the right topmost of the screen
- Choose 'Help and Feedback'
- Access 'About Microsoft Edge'
The Chromium-based patch on Microsoft Edge browsers will read 99.0.1150.533. Thus, if any user sees a lower number, your browser might still be exploitable. Users MUST restart the browser to ensure updates are officially installed and protect against the V8 JavaScript hack.
Marking Google's second zero-day hack of 2022, the V8 JavaScript exploit proves to be yet another example of the ever-rising volatility behind Google's security on Chrome. While it has been quick to act in protecting users and pushing out updates, Google still remains rather susceptible to exploits on Chrome, and the forthcoming 100 version update will prove how secure the browser can be.