Security News > 2022 > December > Number Nine! Chrome fixes another 2022 zero-day, Edge patched too

Number Nine! Chrome fixes another 2022 zero-day, Edge patched too
2022-12-05 20:58

It's just under two weeks since Google rushed out a Chrome patch for the then-current version 107 to seal off a bug that was already being used in real-life attacks.

How might the bug might be triggered? Was merely viewing a booby-trapped web page enough? Could it be abused for remote code execution? Could the crooks end up installing malware without any visible warning? Who was using it? Were they state-sponsored attackers, or some other sort of cybercriminals? What they were after? Were they into data stealing, ransomware attacks, unlawful surveillance, or all of those things?

Shortly after the GPU heap overflow patch, a new Chrome version, numbered 108, came out with no fewer than 28 security fixes, including patches for numerous of memory mismanagement flaws, at least some of which we assume could ultimately have been wrangled into RCE exploits.

Google has already needed to publish a follow-up security update for its ninth zero-day of the year 2022, bringing Chrome to version 108.0.5359.94 for Mac and Linux, and to 108.0.5359.94 or 108.0.5359.95 for Windows.

Even if you've checked your Chrome version in the past few days, we recommend checking again by opening Chrome's Three-dot menu and then choosing Help > About Chrome.

Edge, as you almost certainly know, is based on Chromium, the open source core of Google's Chrome project, and Chromium also uses V8 for handling JavaScript.


News URL

https://nakedsecurity.sophos.com/2022/12/05/number-nine-chrome-fixes-another-2022-zero-day-edge-not-patched-yet/