Google Releases Security Update for Chrome Zero Day

Security update released to address an actively exploited zero-day vulnerability in Chrome

Threat ID:: CC-4222
Threat Severity:: Information only
Published:: 5 December 2022 1:47 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Security update released to address an actively exploited zero-day vulnerability in Chrome

Affected platforms

The following platforms are known to be affected:

Versions: all prior to 108.0.5359.94 for Mac and Linux, all prior to 108.0.5359.94/.95 for Windows

Google Chrome for Windows, macOS and Linux

Threat details

Introduction

Google has released a security update to address a High severity zero-day vulnerability tracked as CVE-2022-4262. This vulnerability affects Chrome V8 TYPE CONFUSION for Windows, Mac, and Linux. This vulnerability could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Google is aware that an exploit for CVE-2022-4262 exists in the wild

The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine.

Remediation advice

Affected organisations are encouraged to review the Chrome Release and apply the necessary updates to the latest release.

Definitive source of threat updates

https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html

CVE Vulnerabilities

Status Published

CVE-2022-4262

Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Last edited: 5 December 2022 1:47 pm