Google Rolls Out New Chrome Browser Replace to Patch But One other Zero-Day Vulnerability

Dec 03, 2022Ravie LakshmananRisk Detection / Zero Day

Google zero-day

Search big Google on Friday launched an out-of-band safety replace to repair a brand new actively exploited zero-day flaw in its Chrome internet browser.

The high-severity flaw, tracked as CVE-2022-4262, considerations a kind confusion bug within the V8 JavaScript engine. Clement Lecigne of Google’s Risk Evaluation Group (TAG) has been credited with reporting the problem on November 29, 2022.

Kind confusion vulnerabilities may very well be weaponized by menace actors to carry out out-of-bounds reminiscence entry, or result in a crash and arbitrary code execution.

In keeping with the NIST’s Nationwide Vulnerability Database, the flaw permits a “distant attacker to probably exploit heap corruption through a crafted HTML web page.”

Google acknowledged energetic exploitation of the vulnerability however stopped in need of sharing extra specifics to forestall additional abuse.

CVE-2022-4262 is the fourth actively exploited kind confusion flaw in Chrome that Google has addressed for the reason that begin of the 12 months. It is also the ninth zero-day flaw attackers have exploited within the wild in 2022 –

Customers are really useful to improve to model 108.0.5359.94 for macOS and Linux and 108.0.5359.94/.95 for Home windows to mitigate potential threats.

Customers of Chromium-based browsers reminiscent of Microsoft Edge, Courageous, Opera, and Vivaldi are additionally suggested to use the fixes as and once they turn out to be obtainable.

Discovered this text attention-grabbing? Comply with us on Twitter and LinkedIn to learn extra unique content material we put up.

Supply By

Related posts