Search giant Google on Friday released an out-of-band security update to fix a new, actively exploited zero-day vulnerability in its Chrome web browser.
Type confusion vulnerabilities can be weaponized by threat actors to perform out-of-bounds memory accesses, leading to crashes or arbitrary code execution.
According to NIST’s National Vulnerability Database, the flaw allows a remote attacker to exploit heap corruption via a crafted HTML page.
Google acknowledged that this vulnerability was being actively exploited, but declined to share additional details to prevent further exploitation.
CVE-2022-4262 is the fourth actively exploited type confusion flaw Google has addressed this year. It is also the ninth Chrome zero-day vulnerability that attackers have exploited in 2022.
We recommend upgrading to version 108.0.5359.94 for macOS and Linux and 108.0.5359.94/.95 for Windows to mitigate potential threats.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also encouraged to apply the fix as it becomes available.