Security News > 2022 > November > Chrome fixes 8th zero-day of 2022 – check your version now (Edge too!)
Zero-days are bugs for which there were zero days you could have updated proactively.
Because cybercriminals not only found the bug first, but also figured out how to exploit it for nefarious purposes before a patch was prepared and published.
In the early 2000s, for instance - the era of super-fast-spreading viruses such as Code Red and SQL Slammer - almost any stack buffer overflow, and many if not most heap buffer overflows, could be turned from theoretical vulnerabilities into practicable exploits in quick order.
In the 2020s, workable remote code execution exploits - bugs that an attacker can reliably use to implant malware on your computer merely by luring you to view a single page on a booby-trapped website, for example - are generally much harder to find, and worth a lot more money in the cyberunderground as a result.
Google doesn't explicitly say how this bug could be exploited, but it's wise to assume that some sort of remote code execution, which is largely synonymous with "Surreptitious implantation of malware", is possible, given that the bug involves mismanagment of memory.
Microsoft Edge, as you probably know, is based on the Chromium code, but hasn't had an official update since the day before Google's threat researchers logged this bug.