Security News > 2022 > December > Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability
Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser.
The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine.
According to the NIST's National Vulnerability Database, the flaw permits a "Remote attacker to potentially exploit heap corruption via a crafted HTML page."
Google acknowledged active exploitation of the vulnerability but stopped short of sharing additional specifics to prevent further abuse.
CVE-2022-4262 is the fourth actively exploited type confusion flaw that Google has addressed since the start of the year.
It's also the ninth zero-day flaw in Chrome attackers have exploited in the wild in 2022 -.
News URL
https://thehackernews.com/2022/12/google-rolls-out-new-chrome-browser.html
Related news
- Google to kill Chrome Sync on older Chrome browser versions (source)
- New details reveal how hackers hijacked 35 Google Chrome extensions (source)
- Google Chrome is making it easier to share specific parts of long PDFs (source)
- Zero-Day Vulnerability in Ivanti VPN (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
- Google OAuth Vulnerability Exposes Millions via Failed Startup Domains (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-02 | CVE-2022-4262 | Type Confusion vulnerability in Google Chrome Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |