Security News > 2022 > August > Google Patches Chrome’s Fifth Zero-Day of the Year

Google Patches Chrome’s Fifth Zero-Day of the Year
2022-08-18 14:31

Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday.

Google credits Ashley Shen and Christian Resell of its Google Threat Analysis Group for reporting the zero-day bug, which could allow for arbitrary code execution, on July 19.

The advisory also unveiled 10 other patches for various other Chrome issues.

While the majority of the fixes in the update are for vulnerabilities rated as high or medium risk, Google did patch a critical bug tracked as CVE-2022-2852, a use-after-free issue in FedCM reported by Sergei Glazunov of Google Project Zero on Aug. 8.

The zero-day patch is the fifth Chrome bug under active attack that Google has patched so far this year.

In April, Google patched CVE-2022-1364, a type confusion flaw affecting Chrome's use of the V8 JavaScript engine on which attackers already had pounced.


News URL

https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-09-26 CVE-2022-2852 Use After Free vulnerability in multiple products
Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
2022-07-26 CVE-2022-1364 Type Confusion vulnerability in Google Chrome
Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google CWE-843
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 256 4320 4678 741 9995