Skip to content

Defense Digests

Google Chrome Zero-Day Vulnerability

Dataprise Defense Digest 550x550

Table of content


On March 23, 2022 an anonymous user reported a Type Confusion vulnerability in the Google Chrome browser. On March 29, 2022, Google released a new version of their popular Chrome browser to patch the zero-day vulnerability in the Chrome browser for Windows, macOS, and Linux. Microsoft also confirmed that it’s chromium-based Edge browser was susceptible to the same zero-day vulnerability. With the discovery that Chromium-based browsers are also affected, alternative browsers including Brave, Amazon Silk, Opera, Samsung Internet, Vivaldi, and Yandex are all affected by this vulnerability.


Specific details about this vulnerability are being held by Google until the majority of browsers have been patched, to limit the exposure and potential compromises once the exact vulnerability is detailed to the public. The large number of affected browser products across a wide-variety of platforms does make this a high impact vulnerability.


A type confusion vulnerability exists when a program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. When the program accesses the resource using an incompatible type, this could trigger logical errors because the resource does not have expected properties. In languages without memory safety, such as C and C++, type confusion can lead to out-of-bounds memory access.

This specific type confusion vulnerability is in V8, Chrome’s JavaScript engine. V8 is also used server-side in Node.js, however, the Node.js team has not confirmed the vulnerability exists in their product yet.


Use the Update feature in your Chrome browser, or use a third-party patch management solution to apply the latest Chrome build for your Windows, macOS, and Linux operating systems to remediate the vulnerability.




  • Stephen Jones, Vice President, Cybersecurity Services

Recent Tweets


Learn about the latest threats and vulnerabilities with our D3 alerts.

Subscribe to get real-time notifications when a new Dataprise Defense Digest is published.