Search giant Google on Friday released an out-of-band security update to address a new actively exploited zero-day flaw in its Chrome web browser.
The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022.
Type confusion vulnerabilities could be weaponized by threat actors to perform out-of-bounds memory access, or lead to a crash and arbitrary code execution.
According to NIST's National Vulnerability Database, the flaw permits a "remote attacker to potentially exploit heap corruption via a crafted HTML page."
Google acknowledged active exploitation of the vulnerability but stopped short of sharing further details to prevent more abuse.
CVE-2022-4262 is the fourth actively exploited type confusion flaw that Google has addressed since the start of the year. It's also the ninth zero-day flaw in Chrome that attackers have exploited in the wild in 2022:
- CVE-2022-0609 – Use-after-free in Animation
- CVE-2022-1096 – Type confusion in V8
- CVE-2022-1364 – Type confusion in V8
- CVE-2022-2294 – Heap buffer overflow in WebRTC
- CVE-2022-2856 – Insufficient validation of untrusted input in Intents
- CVE-2022-3075 – Insufficient data validation in Mojo
- CVE-2022-3723 – Type confusion in V8
- CVE-2022-4135 – Heap buffer overflow in GPU
Users are encouraged to upgrade to version 108.0.5359.94 for macOS and Linux and 108.0.5359.94/.95 for Windows to mitigate potential threats.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
Some parts of this article are sourced from:
thehackernews.com