Security News > 2022 > August > Google Patches Chrome’s Fifth Zero-Day of the Year
Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday.
Google credits Ashley Shen and Christian Resell of its Google Threat Analysis Group for reporting the zero-day bug, which could allow for arbitrary code execution, on July 19.
The advisory also unveiled 10 other patches for various other Chrome issues.
While the majority of the fixes in the update are for vulnerabilities rated as high or medium risk, Google did patch a critical bug tracked as CVE-2022-2852, a use-after-free issue in FedCM reported by Sergei Glazunov of Google Project Zero on Aug. 8.
The zero-day patch is the fifth Chrome bug under active attack that Google has patched so far this year.
In April, Google patched CVE-2022-1364, a type confusion flaw affecting Chrome's use of the V8 JavaScript engine on which attackers already had pounced.
News URL
https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/
Related news
- New tool bypasses Google Chrome’s new cookie encryption system (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Google says “Enhanced protection” feature in Chrome now uses AI (source)
- Google Chrome’s AI feature lets you quickly check website trustworthiness (source)
- Google says new scam protection feature in Chrome uses AI (source)
- Google Chrome uses AI to analyze pages in new scam detection feature (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-26 | CVE-2022-2852 | Use After Free vulnerability in multiple products Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-26 | CVE-2022-1364 | Type Confusion vulnerability in Google Chrome Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |