CISA orders agencies to patch exploited Google Chrome bug by Dec 26th
The flaw, an actively exploited zero-day bug in the Google Chrome web browser, was patched on Friday for Windows, Mac, and Linux users.
In a security advisory published right before the weekend, Google said it "is aware of reports that an exploit for CVE-2022-4262 exists in the wild."
This is the ninth Chrome zero-day exploited in the wild that Google has patched since the start of the year.
According to a November 2021 binding operational directive, all Federal Civilian Executive Branch (FCEB) agencies must now patch their systems against this bug according to the timeline provided by CISA. They were given three weeks, until December 26th, to patch all vulnerable Chrome installations on their systems to ensure that ongoing exploitation attempts would be blocked.
Even though the BOD 22-01 directive only applies to US FCEB agencies, the DHS cybersecurity agency also strongly urged all U.S. organizations from both private and public sectors to prioritize patching this actively exploited bug.
Since the binding directive was issued, CISA has added hundreds of security bugs to its catalog of known exploited vulnerabilities, ordering U.S. federal agencies to patch them as soon as possible to block potential security breaches.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-02 | CVE-2022-4262 | Type Confusion vulnerability in Google Chrome: Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |