New Google Chrome Zero-Day Bug Actively Exploited in Wild – Emergency Update!

Google released new security updates for actively exploited Chrome zero-day vulnerability that allows attackers to execute an arbitrary code to take full control of the system remotely using the exploit that exists in the Wild.

A Stable chennal update was released for the Desktop version 108.0.5359.94 for Mac and Linux and 108.0.5359.94/.95 for Windows.

EHA

As part of this emergency security update, Google has patched the ninth zero-day vulnerability in the Chrome web browser this year in 2022.

Type Confusion in V8 vulnerability (High CVE-2022-4262) was reported by Clement Lecigne of Google’s Threat Analysis Group on 2022-11-29.

Vulnerability Details:

A high-severity type Confusion vulnerability in the V8 Javascript engine affects all the chrome versions that allow attackers to exploit the bug remotely by executing arbitrary code.

Successful exploitation of this zero-day bug leads to crashes of the browser by reading or writing memory out of buffer bounds.

V8, the open-source Google JavaScript engine written in C++ that powers both Chrome and other Chromium-based browsers* is an especially attractive target for attackers.

A type confusion vulnerability let the exploit to allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

Most modern security technologies, like hardware-based mitigation, may often be bypassed by V8 vulnerabilities, Google Project Zero team member Samuel Groß highlighted.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix.”

“We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.

“Google is aware that an exploit for CVE-2022-4262 exists in the wild.” Google Stated.

Google shared only the bug details and CVE and no technical details available at this moment.

Zero-day Flaw Fixed in 2022

Here below we have mentioned all the 8zero-day flaws that are fixed in 2022:-

Update Now

Users were strongly recommended by Google to update their Chrome web browser immediately to prevent exploitation. In order to update the Chrome web browser you have to follow a few simple steps that we have mentioned below:-  

Chrome 108
  • First of all, go to the Settings option.
  • Then select About Chrome.
  • Now you have to wait, as Chrome will automatically fetch and download the latest update.
  • Then wait for the latest version to be installed.
  • Once the installation process completes, now you have to restart Chrome.
  • That’s it, now you are done.

Secure Web Gateway – Web Filter Rules, Activity Tracking & Malware Protection – Download Free E-Book

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.