Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser.
Type confusion vulnerabilities could be weaponized by threat actors to perform out-of-bounds memory access, or lead to a crash and arbitrary code execution.
According to NIST's National Vulnerability Database, the flaw permits a “remote attacker to potentially exploit heap corruption via a crafted HTML page.”
Google acknowledged active exploitation of the vulnerability but stopped short of sharing additional specifics to prevent further abuse.
CVE-2022-4262 is the fourth actively exploited type confusion flaw in Chrome that Google has addressed since the start of the year. It is also the ninth zero-day flaw attackers have exploited in the wild in 2022 –
Users are recommended to upgrade to version 108.0.5359.94 for macOS and Linux and 108.0.5359.94/.95 for Windows to mitigate potential threats.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
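As an added example (not part of the original article), the sketch below audits a software inventory against the fixed Chrome builds named above, comparing versions numerically so that a later patch level such as `.100` is not misread as older than `.94`. The inventory rows, host names and status labels are constructed for illustration; other Chromium-based browsers are left out because the article gives no fixed versions for them.

```python
import re

# Minimum fixed Chrome build per platform, as stated in the article.
# Windows also received .95; .94 is the lowest patched build.
FIXED = {
    "windows": (108, 0, 5359, 94),
    "macos": (108, 0, 5359, 94),
    "linux": (108, 0, 5359, 94),
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return a 4-tuple of ints, or None unless text is MAJOR.MINOR.BUILD.PATCH."""
    match = VERSION_RE.match(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def audit(inventory):
    """Map each host to 'patched', 'outdated' or 'unknown'."""
    results = {}
    for host, platform, version in inventory:
        floor = FIXED.get(platform.lower())
        parsed = parse_version(version)
        if floor is None or parsed is None:
            # Unlisted platform or malformed version: never assume patched.
            results[host] = "unknown"
        elif parsed >= floor:  # tuple comparison is numeric, field by field
            results[host] = "patched"
        else:
            results[host] = "outdated"
    return results


# Constructed sample inventory (hypothetical hosts and reported versions).
SAMPLE = [
    ("host-a", "Windows", "108.0.5359.95"),
    ("host-b", "macOS", "108.0.5359.71"),
    ("host-c", "Linux", "108.0.5359.94"),
    ("host-d", "Windows", "107.0.5304.122"),
    ("host-e", "Linux", "108.0.5359"),        # truncated version string
    ("host-f", "ChromeOS", "108.0.5359.94"),  # platform not covered above
    ("host-g", "Linux", "108.0.5359.100"),    # sorts before .94 as a string
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```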