Google has released Chrome 108.0.5359.94/.95 for Windows, Mac, and Linux users to address a single high-severity security flaw, the ninth Chrome zero-day exploited in the wild patched since the start of the year.
“Google is aware of reports that an exploit for CVE-2022-4262 exists in the wild,” the search giant said in a security advisory published on Friday.
According to Google, the new version has started rolling out to users in the Stable Desktop channel, and it will reach the entire user base within a matter of days or weeks.
This update was immediately rolled out to our systems when BleepingComputer checked for new updates from the Chrome menu > Help > About Google Chrome.
The web browser will also automatically check for new updates and will install them without requiring user interaction after the next launch.
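For administrators who cannot rely on each user opening the About page, the same check can be run over a software inventory. The following is an added example, not code from Google or BleepingComputer; it assumes Stable-channel desktop builds, treats 108.0.5359.94 (the lower build named above) as the first fixed version, and uses a constructed `host,version string` inventory format with hypothetical host names.

```python
import re

# First build carrying the CVE-2022-4262 fix, per the article (assumption:
# Stable desktop channel; other channels may ship the fix in other builds).
FIXED_BUILD = (108, 0, 5359, 94)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from free-form text, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # no parsable version: needs manual follow-up
    # Tuples compare numerically, so .124 sorts after .94; a plain string
    # comparison would wrongly rank "108.0.5359.124" below "108.0.5359.94".
    return "patched" if version >= FIXED_BUILD else "vulnerable"


def audit(inventory):
    """Group hosts from 'host,version string' lines by patch status."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory.strip().splitlines():
        host, _, version_text = line.partition(",")
        report[classify(version_text)].append(host.strip())
    return report


# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE = """\
ws-001,Google Chrome 108.0.5359.95
ws-002,Google Chrome 108.0.5359.71
mac-014,Google Chrome 108.0.5359.94
lin-203,Google Chrome 107.0.5304.121
ws-077,chrome not found
lin-210,Google Chrome 108.0.5359.124
"""

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status:<10} {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` should be treated as unpatched until their version is confirmed.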
Attack details not available
The zero-day vulnerability (CVE-2022-4262) is due to a high-severity type confusion weakness in the Chrome V8 JavaScript engine reported by Clement Lecigne of Google’s Threat Analysis Group.
Even though type confusion security flaws generally lead to browser crashes after successful exploitation by reading or writing memory out of buffer bounds, threat actors can also exploit them for arbitrary code execution.
Although Google said it detected attacks exploiting this zero-day, the company has yet to share technical details or information regarding these incidents.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google added.
“We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
This will provide Google Chrome users with enough time to upgrade their browsers and prevent exploitation attempts until more information is released, allowing more attackers to develop their own exploits.
Ninth Chrome zero-day patched this year
With this emergency update, Google has addressed the ninth Chrome zero-day attackers have exploited in the wild since the start of 2022.
The previous eight zero-day vulnerabilities found and patched this year are: