Security News > 2022 > December > Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability
Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser.
The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine.
According to the NIST's National Vulnerability Database, the flaw permits a "Remote attacker to potentially exploit heap corruption via a crafted HTML page."
Google acknowledged active exploitation of the vulnerability but stopped short of sharing additional specifics to prevent further abuse.
CVE-2022-4262 is the fourth actively exploited type confusion flaw that Google has addressed since the start of the year.
It's also the ninth zero-day flaw in Chrome attackers have exploited in the wild in 2022 -.
News URL
https://thehackernews.com/2022/12/google-rolls-out-new-chrome-browser.html
Related news
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- New tool bypasses Google Chrome’s new cookie encryption system (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Google says “Enhanced protection” feature in Chrome now uses AI (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-02 | CVE-2022-4262 | Type Confusion vulnerability in Google Chrome Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |