Search giant Google on Friday released an out-of-band security update to fix a new, actively exploited zero-day vulnerability in its Chrome web browser.
The high-severity flaw, tracked as CVE-2022-4262, is a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google’s Threat Analysis Group (TAG) reported the issue on November 29, 2022.
Type confusion vulnerabilities can be weaponized by threat actors to perform out-of-bounds memory accesses, leading to crashes or arbitrary code execution.
According to NIST’s National Vulnerability Database, the flaw permits a remote attacker to exploit heap corruption via a crafted HTML page.
Google acknowledged that this vulnerability was being actively exploited, but declined to share additional details to prevent further exploitation.
CVE-2022-4262 is the fourth actively exploited type confusion flaw Google has addressed this year. It is also the ninth zero-day vulnerability in Chrome that attackers have exploited in 2022.
We recommend upgrading to version 108.0.5359.94 for macOS and Linux and 108.0.5359.94/.95 for Windows to mitigate potential threats.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also encouraged to apply the fix as it becomes available.
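To check a fleet against the fixed Chrome builds named above, the following added example (not from Google or the original article) triages an inventory of reported version strings. The record layout, hostnames and sample versions are constructed for illustration; only the fixed build numbers come from the article.

```python
import re

# Fixed builds as stated in the article (Windows shipped .94/.95, so .94 is the floor).
# Chromium-based browsers use their own version numbers and are not covered here.
FIXED = {
    "windows": (108, 0, 5359, 94),
    "macos": (108, 0, 5359, 94),
    "linux": (108, 0, 5359, 94),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from free text, or None if absent."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def assess(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory record."""
    floor = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if floor is None or version is None:
        return "unknown"  # needs manual follow-up; never assume patched
    # Compare as integer tuples: a string compare would rank ".100" below ".94".
    return "patched" if version >= floor else "vulnerable"


def triage(records):
    """Group hostnames by status so unpatched and unparseable hosts stand out."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for host, platform, version_text in records:
        result[assess(platform, version_text)].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-001", "windows", "Google Chrome 108.0.5359.95"),
    ("ws-002", "windows", "Google Chrome 108.0.5359.71"),
    ("mac-01", "macos", "Google Chrome 108.0.5359.94"),
    ("lin-01", "linux", "Google Chrome 107.0.5304.121"),
    ("lin-02", "linux", "version string missing"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```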