On 25 March 2022, Google released Chrome 99.0.4844.84 for Windows, Mac, and Linux to address a flaw that is being actively exploited by threat actors. We recommend updating to the latest browser version as soon as possible.
The vulnerability, noted in CVE-2022-1096, received a high-severity rating. It is known as a type confusion weakness. A threat actor could leverage this flaw to perform out-of-bounds memory access, inject and execute arbitrary code.
Browser versions vulnerable to the aforementioned flaw could be exploited, hence increasing your network’s threat surface. The latest versions of Chrome, Edge and Brave are being released worldwide and can be deployed through automatic or manual updates.
We recommend that Windows, Mac, and Linux desktop users of Chrome and Chromium-based browsers manually upgrade now to the latest version by going to Settings -> Help -> About.
The web browser will then automatically check for the new update and install it if available.
We recommend notifying users of this risk and requesting that they restart their browser to ensure the needed security patches are applied.
If software is managed centrally within your organization, we recommend updating this software as soon as possible.