Google releases a fresh version of Chrome to fix yet another zero-day flaw

Google, a leading search engine, fixed a newly discovered and actively exploited zero-day vulnerability in its Chrome web browser on Friday.

The high-severity problem affects a type confusion bug in the V8 JavaScript engine and is tagged as CVE-2022-4262. On November 29, 2022, Clement Lecigne of Google’s Threat Analysis Group (TAG) is credited for reporting the problem.

Threat actors might take advantage of type confusion flaws to execute arbitrary code, crash, or get access to out-of-bounds memory.

According to the NIST’s National Vulnerability Database, the flaw permits a “remote attacker to potentially exploit heap corruption via a crafted HTML page.”

Google confirmed that the vulnerability was being actively exploited but chose not to provide more details in order to discourage further abuse.

The fourth actively exploited type confusion flaw that Google has fixed since the year’s beginning is CVE-2022-4262. 

• CVE-2022-0609 – Use-after-free in Animation
• CVE-2022-1096 – Type confusion in V8
• CVE-2022-1364 – Type confusion in V8
• CVE-2022-2294 – Heap buffer overflow in WebRTC
• CVE-2022-2856 – Insufficient validation of untrusted input in Intents
• CVE-2022-3075 – Insufficient data validation in Mojo
• CVE-2022-3723 – Type confusion in V8
• CVE-2022-4135 – Heap buffer overflow in GPU

Additionally, it’s the ninth zero-day vulnerability in Chrome that users have seen in the wild in 2022.

To reduce dangerous threats, users are advised to update to versions 108.0.5359.94 for macOS and Linux and 108.0.5359.94/.95 for Windows as soon as possible.

As soon as the solutions become available, users of Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi are encouraged to install them.

see more on google blog

Suggest an edit to this article

Cybersecurity Knowledge Base

Homepage

Remember, CyberSecurity Starts With You!

• Globally, 30,000 websites are hacked daily.
• 64% of companies worldwide have experienced at least one form of a cyber attack.
• There were 20M breached records in March 2021.
• In 2020, ransomware cases grew by 150%.
• Email is responsible for around 94% of all malware.
• Every 39 seconds, there is a new attack somewhere on the web.
• An average of around 24,000 malicious mobile apps are blocked daily on the internet.