Security News > 2022 > December > Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability

Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser.
The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine.
According to the NIST's National Vulnerability Database, the flaw permits a "Remote attacker to potentially exploit heap corruption via a crafted HTML page."
Google acknowledged active exploitation of the vulnerability but stopped short of sharing additional specifics to prevent further abuse.
CVE-2022-4262 is the fourth actively exploited type confusion flaw that Google has addressed since the start of the year.
It's also the ninth zero-day flaw in Chrome attackers have exploited in the wild in 2022 -.
News URL
https://thehackernews.com/2022/12/google-rolls-out-new-chrome-browser.html
Related news
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-02 | CVE-2022-4262 | Type Confusion vulnerability in Google Chrome Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |