Google has released a security update for Chrome that protects users against a newly discovered, high-severity vulnerability in the browser that it has warned is already actively being exploited by cyber attackers.
The Stable Channel Update for Google Chrome on desktop is for Windows, Mac and Linux versions of the browser. It is recommended that users apply the security update as soon as possible – something that Google Chrome will do automatically when the browser is closed and reopened.
The update fixes CVE-2022-4262, a vulnerability classed as high severity that allows a remote attacker to potentially exploit a Type Confusion issue in Google's V8 JavaScript engine by causing heap corruption via a crafted HTML page.
‘Heap’ is an area of pre-reserved computer memory that a program uses to store a variable amount of data – and heap corruption occurs when a program damages the view of the heap, which can result in a memory fault that can be abused by attackers.
Google states that it is aware that an exploit for CVE-2022-4262 is active in the wild – in other words, it is actively being used by cyber criminals to power malicious hacking campaigns – but hasn’t yet provided any information on how this is happening, citing a precaution against providing other attackers with a way to use it before users are protected.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We may also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” said Google’s update.
The vulnerability was discovered by Clement Lecigne of Google’s Threat Analysis Group. It represents the latest in a series of security flaws in Google Chrome that have been uncovered and patched during this year.
These include, among others, CVE-2022-4135, a vulnerability that emerged in late November and was already actively being exploited in the wild, as well as security flaws that emerged in September and a series of significant vulnerabilities that appeared in July.
The update that fixes the latest flaw – 108.0.5359.94 for Mac and Linux, and 108.0.5359.94/.95 for Windows – is being rolled out now and it is recommended users apply it.
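
For administrators who want to confirm the rollout rather than rely on auto-update, the following is an added example (not from Google or the original article) that checks reported Chrome versions against the fixed builds named above. The inventory format, hostnames and sample versions are constructed for illustration.

```python
# Fixed builds as stated in the article; everything else here is constructed.
FIXED = {
    "windows": (108, 0, 5359, 94),  # article lists .94/.95 for Windows
    "mac": (108, 0, 5359, 94),
    "linux": (108, 0, 5359, 94),
}

def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints; return None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one install."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"
    # Tuple comparison is numeric per component, so .100 ranks above .94
    # (a plain string comparison would get this wrong).
    return "patched" if version >= fixed else "vulnerable"

def audit(inventory):
    """Return (host, status) for every host that is not confirmed patched."""
    findings = []
    for host, platform, version in inventory:
        status = classify(platform, version)
        if status != "patched":
            findings.append((host, status))
    return sorted(findings)

# Constructed sample inventory: (hostname, platform, reported Chrome version)
SAMPLE = [
    ("ws-001", "windows", "108.0.5359.95"),
    ("ws-002", "windows", "108.0.5359.72"),
    ("mb-014", "mac", "108.0.5359.94"),
    ("lx-007", "linux", "107.0.5304.121"),
    ("lx-009", "linux", "108.0.5359.100"),
    ("ws-030", "windows", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" have an unparseable version string or an unlisted platform and need a manual look rather than being assumed safe.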