Search big Google on Friday launched an out-of-band safety replace to repair a brand new actively exploited zero-day flaw in its Chrome net browser.
The high-severity flaw, tracked as CVE-2022-4262, considerations a sort confusion bug within the V8 JavaScript engine. Clement Lecigne of Google’s Threat Analysis Group (TAG) has been credited with reporting the problem on November 29, 2022.
Type confusion vulnerabilities might be weaponized by risk actors to carry out out-of-bounds reminiscence entry, or result in a crash and arbitrary code execution.
According to the NIST’s National Vulnerability Database, the flaw permits a “distant attacker to probably exploit heap corruption through a crafted HTML web page.”
Google acknowledged lively exploitation of the vulnerability however stopped wanting sharing extra specifics to forestall additional abuse.
CVE-2022-4262 is the fourth actively exploited sort confusion flaw that Google has addressed for the reason that begin of the 12 months. It’s additionally the ninth zero-day flaw in Chrome attackers have exploited within the wild in 2022 –
Users are beneficial to improve to model 108.0.5359.94 for macOS and Linux and 108.0.5359.94/.95 for Windows to mitigate potential threats.
Users of Chromium-based browsers reminiscent of Microsoft Edge, Brave, Opera, and Vivaldi are additionally suggested to use the fixes as and after they develop into out there.