Google has released a security update for Chrome which protects users against a newly discovered, high severity vulnerability in the browser which it’s warned is already actively being exploited by cyber attackers.
The Stable Channel Update for Google Chrome on desktop is for Windows, Mac and Linux versions of the browser. It’s recommended that users apply the security update as soon as possible – something which Google Chrome will do automatically when the browser is closed and reopened.
The update fixes CVE-2022-4262, a vulnerability classed as high severity which allows a remote attacker to potentially exploit a Type Confusion issue in Google’s V8 JavaScript engine by causing heap corruption via a crafted HTML page.
‘Heap’ is an area of pre-reserved computer memory that a program uses to store a variable amount of data – and heap corruption occurs when a program damages the view of the heap, which can result in a memory fault which can be abused by attackers.
Google states that it’s aware that an exploit for CVE-2022-4262 is active in the wild – in other words, it’s actively being used by cyber criminals to power malicious hacking campaigns – but hasn’t yet provided any information on how this is taking place, citing a precaution against providing other attackers with a way to use it before users are protected.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” said Google’s update.
The vulnerability was discovered by Clement Lecigne of Google’s Threat Analysis Group. It represents the latest in a series of security flaws in Google Chrome which have been uncovered and patched during this year.
These include, among others, CVE-2022-4135, a vulnerability which emerged in late November and was already actively being exploited in the wild, as well as security flaws which emerged in September and a series of significant vulnerabilities which appeared in July.
The update which fixes the latest flaw – 108.0.5359.94 for Mac and Linux and 108.0.5359.94/.95 for Windows – is being rolled out now and it’s recommended users apply it.
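For administrators checking a fleet against the fixed builds listed above, here is an added example (not from Google or the original article) that flags Chrome installs older than 108.0.5359.94. The host names and inventory rows are constructed, and the platform keys `windows`, `mac` and `linux` are assumptions of this sketch.

```python
import re

# Fixed builds named in the article: 108.0.5359.94 for Mac and Linux,
# 108.0.5359.94/.95 for Windows. The lower build is the minimum everywhere.
FIXED_BUILD = {
    "windows": (108, 0, 5359, 94),
    "mac": (108, 0, 5359, 94),
    "linux": (108, 0, 5359, 94),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Pull a four-part version out of text such as 'Google Chrome 108.0.5359.71'."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def is_patched(platform, version_text):
    """True if at or above the fixed build, False if below, None if undetermined."""
    fixed = FIXED_BUILD.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return None
    # Compare as integer tuples: as strings, "99..." would sort above "108...".
    return version >= fixed


def audit(inventory):
    """Map each (host, platform, version_text) row to a status label."""
    labels = {True: "patched", False: "needs update", None: "unknown"}
    return [(host, labels[is_patched(platform, text)]) for host, platform, text in inventory]


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("host-a", "linux", "Google Chrome 108.0.5359.71"),
    ("host-b", "windows", "108.0.5359.95"),
    ("host-c", "mac", "Google Chrome 99.0.4844.84"),
    ("host-d", "windows", "108.0.5359.124"),
    ("host-e", "linux", "version not reported"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be treated as unverified rather than safe, since no version could be read for them.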