google
InfoSec News Trending Vulnerabilities 

Google releases a fresh version of Chrome to fix yet another zero-day flaw

RiSec.n0tst3 0 Comments Chrome, CVE-2022-4262, google

Google, a leading search engine, fixed a newly discovered and actively exploited zero-day vulnerability in its Chrome web browser on Friday.

The high-severity problem affects a type confusion bug in the V8 JavaScript engine and is tagged as CVE-2022-4262. On November 29, 2022, Clement Lecigne of Google’s Threat Analysis Group (TAG) is credited for reporting the problem.

Threat actors might take advantage of type confusion flaws to execute arbitrary code, crash, or get access to out-of-bounds memory.

According to the NIST’s National Vulnerability Database, the flaw permits a “remote attacker to potentially exploit heap corruption via a crafted HTML page.”

Google confirmed that the vulnerability was being actively exploited but chose not to provide more details in order to discourage further abuse.

The fourth actively exploited type confusion flaw that Google has fixed since the year’s beginning is CVE-2022-4262. 

  • CVE-2022-0609 – Use-after-free in Animation
  • CVE-2022-1096 – Type confusion in V8
  • CVE-2022-1364 – Type confusion in V8
  • CVE-2022-2294 – Heap buffer overflow in WebRTC
  • CVE-2022-2856 – Insufficient validation of untrusted input in Intents
  • CVE-2022-3075 – Insufficient data validation in Mojo
  • CVE-2022-3723 – Type confusion in V8
  • CVE-2022-4135 – Heap buffer overflow in GPU

Additionally, it’s the ninth zero-day vulnerability in Chrome that users have seen in the wild in 2022.

To reduce dangerous threats, users are advised to update to versions 108.0.5359.94 for macOS and Linux and 108.0.5359.94/.95 for Windows as soon as possible.

As soon as the solutions become available, users of Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi are encouraged to install them.

see more on google blog

Suggest an edit to this article

Cybersecurity Knowledge Base

Homepage

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Recommended:  French data protection authority says Google Analytics is in violation of GDPR
Social Comments Box
Connect
RiSec.n0tst3
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK.

I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated...

I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK.

I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!
Connect
Latest posts by RiSec.n0tst3 (see all)
Share the word, let's increase Cybersecurity Awareness as we know it

RiSec.n0tst3

Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

You May Also Like

Online Shopping Alphaware 1.0 – Error Based SQL injection

RiSec.Mitch 0

TypeSetter 5.1 – CSRF (Change admin e-mail) Exploit

RiSec.Mitch 0

SpoolFool: Windows Print Spooler Privilege Escalation (CVE-2022-21999)

RiSec.n0tst3 0

Leave a Reply