Is coverage available for Chromium: CVE-2022-1096 Type Confusion in V8?

5978

Created On 03/27/22 19:16 PM - Last Modified 04/23/24 18:38 PM

Vulnerability Protection

8.1

9.0

9.1

9.2

10.0

10.2

10.1

11.0

PAN-OS

Question

Is coverage available for Chromium: CVE-2022-1096 Type Confusion in V8 Type Confusion in V8?

Environment

PAN-OS Content

Answer

We are aware of CVE-2022-1096 - Chromium: Type Confusion in V8 Type Confusion in V8.

We have released IPS coverage via the content version 8624:

Name: Google Chrome Type Confusion Vulnerability
Unique Threat ID: 93067

We do recommend patching Microsoft Edge to version: (Version 99.0.1150.55) or later.
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security

Executive Summary
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Google is aware that an exploit for CVE-2022-1096 exists in the wild.

FAQ
Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
Click on Help and Feedback
Click on About Microsoft Edge
What is the version information for this release?

Microsoft Edge Version Date Released Based on Chromium Version
99.0.1150.55 3/26/2022 99.0.4844.84

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1096
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1096

Additional Information

recommended patch:
(Version 99.0.1150.55)

March 26, 2022

Microsoft has released the latest Microsoft Edge Stable Channel (Version 99.0.1150.55), which incorporates the latest Security Updates of the Chromium project. This update contains a fix for CVE-2022-1096, which has been reported by the Chromium team as having an exploit in the wild.