Sunday, December 10, 2023

Google releases a fresh version of Chrome to fix yet another zero-day flaw

User Avatar
By Steven Black (n0tst3)
google

Google, a leading search engine, fixed a newly discovered and actively exploited zero-day vulnerability in its Chrome web browser on Friday.

The high-severity problem affects a type confusion bug in the V8 JavaScript engine and is tagged as CVE-2022-4262. On November 29, 2022, Clement Lecigne of Google’s Threat Analysis Group (TAG) is credited for reporting the problem.

Threat actors might take advantage of type confusion flaws to execute arbitrary code, crash, or get access to out-of-bounds memory.

According to the NIST’s National Vulnerability Database, the flaw permits a “remote attacker to potentially exploit heap corruption via a crafted HTML page.”

Google confirmed that the vulnerability was being actively exploited but chose not to provide more details in order to discourage further abuse.

The fourth actively exploited type confusion flaw that Google has fixed since the year’s beginning is CVE-2022-4262. 

  • CVE-2022-0609 – Use-after-free in Animation
  • CVE-2022-1096 – Type confusion in V8
  • CVE-2022-1364 – Type confusion in V8
  • CVE-2022-2294 – Heap buffer overflow in WebRTC
  • CVE-2022-2856 – Insufficient validation of untrusted input in Intents
  • CVE-2022-3075 – Insufficient data validation in Mojo
  • CVE-2022-3723 – Type confusion in V8
  • CVE-2022-4135 – Heap buffer overflow in GPU

Additionally, it’s the ninth zero-day vulnerability in Chrome that users have seen in the wild in 2022.

To reduce dangerous threats, users are advised to update to versions 108.0.5359.94 for macOS and Linux and 108.0.5359.94/.95 for Windows as soon as possible.

As soon as the solutions become available, users of Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi are encouraged to install them.

see more on google blog

Suggest an edit to this article

Check out our new Discord Cyber Awareness Server. Stay informed with CVE Alerts, Cybersecurity News & More!

Cybersecurity Knowledge Base

Homepage

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Close
Recommended:  Chrome Update: Exploited Zero-Day Vulnerability fixed by Google, the 8th this year
Please loginn
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Get Offer
Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates

explore

more

security

Editor Picks

Featured

Cyber Academy

ABOUT US

RiSec represents an autonomous, non-profit alliance comprising of individuals dedicated to enhancing cybersecurity awareness and education. Read more

Contact us: security@realinfosec.net

Social

Subscribe for weekly updates

Copyright © RiSec 2023 All rights reserved.
All trademarks, logos, images and brand names are the property of their respective owners.