Google, a leading search engine, fixed a newly discovered and actively exploited zero-day vulnerability in its Chrome web browser on Friday.
Threat actors might take advantage of type confusion flaws to execute arbitrary code, crash, or get access to out-of-bounds memory.
According to the NIST’s National Vulnerability Database, the flaw permits a “remote attacker to potentially exploit heap corruption via a crafted HTML page.”
Google confirmed that the vulnerability was being actively exploited but chose not to provide more details in order to discourage further abuse.
The fourth actively exploited type confusion flaw that Google has fixed since the year’s beginning is CVE-2022-4262.
- CVE-2022-0609 – Use-after-free in Animation
- CVE-2022-1096 – Type confusion in V8
- CVE-2022-1364 – Type confusion in V8
- CVE-2022-2294 – Heap buffer overflow in WebRTC
- CVE-2022-2856 – Insufficient validation of untrusted input in Intents
- CVE-2022-3075 – Insufficient data validation in Mojo
- CVE-2022-3723 – Type confusion in V8
- CVE-2022-4135 – Heap buffer overflow in GPU
Additionally, it’s the ninth zero-day vulnerability in Chrome that users have seen in the wild in 2022.
To reduce dangerous threats, users are advised to update to versions 108.0.5359.94 for macOS and Linux and 108.0.5359.94/.95 for Windows as soon as possible.
As soon as the solutions become available, users of Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi are encouraged to install them.
Remember, CyberSecurity Starts With You!
- Globally, 30,000 websites are hacked daily.
- 64% of companies worldwide have experienced at least one form of a cyber attack.
- There were 20M breached records in March 2021.
- In 2020, ransomware cases grew by 150%.
- Email is responsible for around 94% of all malware.
- Every 39 seconds, there is a new attack somewhere on the web.
- An average of around 24,000 malicious mobile apps are blocked daily on the internet.
- JD Sports:Cyber Attack affects 10 million customers - 30 January 2023
- InfoSec – A Newbie Guide – InfoSecurity - 25 January 2023
- Apple is accused of censoring apps in Hong Kong and Russia - 22 December 2022