Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser.
Type confusion vulnerabilities could be weaponized by threat actors to perform out-of-bounds memory access, or lead to a crash and arbitrary code execution.
According to NIST's National Vulnerability Database, the flaw allows a "remote attacker to potentially exploit heap corruption via a crafted HTML page."
Google acknowledged active exploitation of the vulnerability but stopped short of sharing additional specifics to prevent further abuse.
CVE-2022-4262 is the fourth actively exploited type confusion flaw that Google has addressed since the start of the year. It is also the ninth zero-day flaw in Chrome that attackers have exploited in the wild in 2022 –
Users are recommended to upgrade to version 108.0.5359.94 for macOS and Linux and 108.0.5359.94/.95 for Windows to mitigate potential threats.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
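One way to triage a browser inventory against the fixed build named above, as an added example that is not part of the original article. The function names, the status labels and the sample inventory are assumptions made for illustration; the only value taken from the article is the Chrome build 108.0.5359.94.

```python
import re

# Fixed Chrome build named in the article (macOS, Linux and Windows).
FIXED_CHROME = (108, 0, 5359, 94)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def triage(browser, version_text):
    """Classify one inventory record against the CVE-2022-4262 fix."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # unparseable record: needs a manual look
    if browser.lower() not in ("chrome", "google chrome"):
        # Edge, Brave, Opera and Vivaldi use their own build numbers, so the
        # Chrome threshold does not apply; follow that vendor's advisory.
        return "check-vendor"
    # Integer tuples compare numerically: 99 < 108, which a string compare gets wrong.
    return "patched" if version >= FIXED_CHROME else "vulnerable"


# Constructed sample inventory: (host, browser, reported version string).
SAMPLE_INVENTORY = [
    ("ws-01", "Chrome", "Google Chrome 108.0.5359.71"),
    ("ws-02", "Chrome", "Google Chrome 108.0.5359.94"),
    ("ws-03", "Chrome", "108.0.5359.95"),
    ("ws-04", "Chrome", "Google Chrome 99.0.4844.84"),
    ("ws-05", "Edge", "Microsoft Edge 108.0.1462.41"),
    ("ws-06", "Chrome", "not installed"),
]


def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(browser, text) for host, browser, text in inventory}


if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```
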