Google has released a security update for Chrome that protects users against a newly discovered, high-severity vulnerability in the browser that it has warned is already actively being exploited by cyber attackers.
The Stable Channel Update for Google Chrome on desktop is for Windows, Mac and Linux versions of the browser. It is recommended that users apply the security update as soon as possible, something that Google Chrome will do automatically when the browser is closed and reopened.
The update fixes CVE-2022-4262, a vulnerability classed as high severity that allows a remote attacker to potentially exploit a type confusion issue in Google's V8 JavaScript engine by causing heap corruption via a crafted HTML page.
The "heap" is an area of pre-reserved computer memory that a program uses to store a variable amount of data. Heap corruption occurs when a program damages the allocator's view of the heap, which can result in a memory fault that can be abused by attackers.
Google states that it is aware that an exploit for CVE-2022-4262 is active in the wild (in other words, it is actively being used by cyber criminals to power malicious hacking campaigns) but has not yet provided any information on how this is happening, citing a precaution against providing other attackers with a means to use it before users are protected.
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed," said Google's update.
The vulnerability was discovered by Clement Lecigne of Google's Threat Analysis Group. It represents the latest in a series of security flaws in Google Chrome that have been uncovered and patched during this year.
These include, among others, CVE-2022-4135, a vulnerability that emerged in late November and was already actively being exploited in the wild, as well as security flaws that emerged in September and a series of significant vulnerabilities that appeared in July.
The update that fixes the latest flaw (108.0.5359.94 for Mac and Linux, and 108.0.5359.94/.95 for Windows) is being rolled out now and it is recommended users apply it.