Google Chrome

Google has released Chrome 108.0.5359.94/.95 for Windows, Mac, and Linux users to address a single high-severity security flaw, the ninth Chrome zero-day exploited in the wild patched since the start of the year.

“Google is aware of reports that an exploit for CVE-2022-4262 exists in the wild,” the search giant said in a security advisory published on Friday.

According to Google, the new version has started rolling out to users in the Stable Desktop channel, and it will reach the entire user base within a matter of days or weeks.

This update was immediately rolled out to our systems when BleepingComputer checked for new updates from the Chrome menu > Help > About Google Chrome.

The web browser will also automatically check for new updates and will install them without requiring user interaction after the next launch.

Chrome 108.0.5359.94

​Attack details not available

The zero-day vulnerability (CVE-2022-4262) is due to a high-severity type confusion weakness in the Chrome V8 JavaScript engine reported by Clement Lecigne of Google’s Threat Analysis Group.

Even though type confusion security flaws generally lead to browser crashes after successful exploitation by reading or writing memory out of buffer bounds, threat actors can also exploit them for arbitrary code execution.

Although Google said it detected attacks exploiting this zero-day, the company has yet to share technical details or information regarding these incidents.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google added.

“We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

This will provide Google Chrome users with enough time to upgrade their browsers and prevent exploitation attempts until more info is released, allowing more attackers to develop their own exploits.

Ninth Chrome zero-day patched this year

With this emergency update, Google has addressed the ninth Chrome zero-day attackers have exploited in the wild since the start of 2022.

The previous eight zero-day vulnerabilities found and patched this year are:

Source: www.bleepingcomputer.com