Skip to main content
Creating a new NHS England: NHS England and NHS Digital merged on 1 February 2023. All references to NHS Digital now, or in the future, relate to NHS England. More about the merger.

Google Releases Security Update for Chrome Zero Day

Security update released to address an actively exploited zero-day vulnerability in Chrome

Report a cyber attack: call 0300 303 5222 or email carecert@nhsdigital.nhs.uk

Summary

Security update released to address an actively exploited zero-day vulnerability in Chrome


Threat details

Introduction

Google has released a security update to address a High severity zero-day vulnerability tracked as CVE-2022-4262. This vulnerability affects Chrome V8 TYPE CONFUSION for Windows, Mac, and Linux. This vulnerability could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Google is aware that an exploit for CVE-2022-4262 exists in the wild

The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine.


Remediation advice

Affected organisations are encouraged to review the Chrome Release and apply the necessary updates to the latest release.



Last edited: 5 December 2022 1:47 pm