Chrome issues emergency update after vulnerability was discovered on its previous update

Share post:

On December 2, 2022, Google released a new version of its Chrome web browser for desktop operating systems and Android. The new Chrome 108.0.5359.94/.95 update for Windows, Mac, and Linux users addresses a single high-severity security flaw, the ninth Chrome zero-day exploited in the wild patched since the beginning of the year.

The CVE-2022-4262 high-severity flaw is related to a type confusion bug in the V8 JavaScript engine. On November 29, 2022, Clement Lecigne of Google’s Threat Analysis Group (TAG) was credited with reporting the issue.

Threat actors could exploit the vulnerabilities to perform out-of-bounds memory access or to cause a crash and arbitrary code execution. Although type confusion security flaws typically result in browser crashes after successful exploitation by reading or writing memory outside of buffer bounds, threat actors can also use them to execute arbitrary code.

Chrome instances that have not been updated to the latest version may be successfully attacked. Naturally, attacks will not occur on all visited websites, but there are specially prepared websites that target vulnerable devices. The Chrome 108 update arrives just a few days after the main Chrome 108 upgrade, which fixed 28 different security issues in the browser.

According to Google, the new version has begun to be distributed to users in the Stable Desktop channel, and it will be available to the entire user base within a few days or weeks. After the next launch, the web browser will also automatically check for new updates and install them without requiring user interaction. Other Chromium-based browsers, such as Edge, Brave, Vivaldi, and Opera, are also expected to release security updates in the coming days and weeks to address the issue.

The sources for this piece includes an article in TheHackerNews.


Related articles

Cyber Security Today, May 29, 2024 – A new North Korean ransomware gang spotted, and more

A new North Korean ransomware gang spotted, and more Welcome to Cyber Security Today. It's Wednesday, May 29th, 2024....

Microsoft tries to regain trust of government cybersecurity leadership

Microsoft has embarked on an aggressive campaign to restore and enhance its cybersecurity image and regain trust within...

London Drugs refuses to pay ransom – corporate data is leaked

London Drugs, a prominent Canadian retailer, has confirmed a data breach involving sensitive corporate head office files, following...

Cyber Security Today, May 27, 2024 – Security controversy over a new Microsoft tool, a new open source threat intelligence service, and more

Security controversy over a new Microsoft tool, a new open-source threat intelligence service, and more. Welcome to Cyber Security...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways