Google Chrome, Brave, Vivaldi Browsers Emergency Security Update


Google has published an emergency update for Chrome that fixes a vulnerability rated High severity that is already being exploited in the wild. Brave, Vivaldi, and other Chromium-based browsers are receiving the same security update, so it's time to verify once more that your browsers are up to date.

Google has issued Chrome 108.0.5359.94/.95 for Windows, Mac, and Linux users to address a single high-severity security weakness, the ninth Chrome zero-day exploited in the wild fixed since the beginning of the year.


"Google is aware of allegations that an exploit for CVE-2022-4262 exists in the wild," the search engine company stated in a security alert issued on Friday.

According to Google, the new version has begun rolling out to users in the Stable Desktop channel, and it will reach the full user base within a few days or weeks.

When BleepingComputer checked for new updates via the Chrome menu > Help > About Google Chrome, this update was promptly sent out to our systems.

After the next start, the web browser will also automatically check for new updates and install them without needing user intervention.



Google releases an emergency Chrome update to address a zero-day exploit.

According to Google's Prudhvikumar Bommana on the Chrome Releases blog, CVE-2022-4262 is a high-severity type confusion vulnerability in Chrome's V8 JavaScript engine. If this sounds familiar, it's because it's Chrome's third such flaw this year.

As previously stated, if an attacker leverages a type confusion vulnerability, they may be able to execute arbitrary code in the browser. If they have the required permissions, they can also read, modify, or remove data. We don't know how attackers exploited this specific problem, because Google is waiting for users to upgrade Chrome before giving specifics.


For what it's worth, the source of this security flaw was described as "type confusion in V8," which translates to "there was an exploitable problem in the JavaScript engine that could be triggered by untrusted code and untrusted data that came in seemingly innocently from outside."

Simply accessing and viewing a booby-trapped website - something that isn't designed to get you into trouble on its own - might be enough to run rogue code and implant malware on your computer, without any popups or other download warnings.