Security News > 2022 > December > Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability
Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser.
The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine.
According to the NIST's National Vulnerability Database, the flaw permits a "Remote attacker to potentially exploit heap corruption via a crafted HTML page."
Google acknowledged active exploitation of the vulnerability but stopped short of sharing additional specifics to prevent further abuse.
CVE-2022-4262 is the fourth actively exploited type confusion flaw that Google has addressed since the start of the year.
It's also the ninth zero-day flaw in Chrome attackers have exploited in the wild in 2022 -.
News URL
https://thehackernews.com/2022/12/google-rolls-out-new-chrome-browser.html
Related news
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Firefox Zero-Day Under Attack: Update Your Browser Immediately (source)
- Google: 70% of exploited flaws disclosed in 2023 were zero-days (source)
- Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- Google to let businesses create curated Chrome Web Stores for extensions (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-02 | CVE-2022-4262 | Type Confusion vulnerability in Google Chrome Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |