Google released an emergency, out-of-band patch for another zero-day vulnerability in their flagship browser Chrome. Tracked as CVE-2022-4262, the vulnerability affected all browser versions on all platforms.
What is more worrisome is that the exploit for this vulnerability, a type confusion bug in Chrome’s V8 engine, is available on the internet. That’s why patching this vulnerability, reported on November 29 by Clement Lecigne of Google’s Threat Analysis Group, should be prioritized.
In 2022, researchers found three other bugs in Chrome that are related to type confusion. As with the other bugs, this one exposes systems to out-of-bounds memory access by threat actors.
More information on the vulnerability will be released soon. “Type Confusion in V8” vulnerabilities are related to the browser’s JavaScript engine, as Mike Walters, VP of research at Action1, told Spiceworks.
“This vulnerability allows remote code execution, which means that a threat actor could make any script or malware payload be executed on the victim’s device.”
The Center for Internet Security noted that successful exploitation of CVE-2022-4262 enables threat actors to execute arbitrary code in the context of the logged-on user. A hacker can install programs; view, change, or delete data; or create new accounts with full user rights.
In most cases, attackers will exploit vulnerabilities when a user’s device connects to a malicious website. The attacker gains access and proceeds to steal information or build botnets for distributed denial-of-service (DDoS) attacks, cryptocurrency mining or spamming.
CVE-2022-4262 is the ninth zero-day vulnerability discovered and patched in 2022. It is just the fourth from V8, which you’ll find in Chrome as well as in these other Chromium-based browsers: Brave, Opera, Vivaldi, and Microsoft Edge.
The CVE-2022-4262 risk is medium to high for government entities, businesses, and individuals that use the affected software.
According to the company, the vulnerability can’t be discussed in detail until most browsers have been updated. That said, the severity of this vulnerability cannot be overstated. That’s why we recommend that you update your Chrome browser as soon as possible.
Update Chrome to the latest version by clicking on the three vertical dots in the top right corner. Next, go to Settings > About Google Chrome. If updates are available, Chrome will ask whether you want to restart after they’re installed.
“It is worth noting that patching browsers can be problematic because people do not like to reboot their browsers, which is often required as part of an update. That’s why the best practice for organizations is to automate third-party app patches, including browser updates, and ensure their IT teams can force reboots remotely in a way that’s comfortable for end users,” Walters advised.
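The restart problem described above, as an added example that is not from the article, Google or Action1: a fleet check should compare both the installed and the still-running browser version against the fixed build, because an update applied on disk takes effect only after the browser restarts. The host names, version strings and minimum build are constructed placeholders, since the article does not state the fixed version.

```python
from typing import NamedTuple

# Placeholder, NOT the real fixed build for CVE-2022-4262: take the actual
# value from Google's stable-channel release notes.
MIN_PATCHED = "9.0.100.94"

class Host(NamedTuple):
    name: str
    installed: str  # version on disk after the updater ran
    running: str    # version of the browser process that is still open

# Constructed inventory rows (hypothetical hosts and versions).
INVENTORY = [
    Host("ws-01", "9.0.100.94", "9.0.100.94"),
    Host("ws-02", "9.0.100.94", "9.0.100.71"),    # patched on disk, not restarted
    Host("ws-03", "9.0.100.71", "9.0.100.71"),    # update never applied
    Host("ws-04", "9.0.100.124", "9.0.100.124"),  # newer; a string compare misjudges it
    Host("ws-05", "10.0.0.1", "not-a-version"),   # unparseable running version
]

def parse(version: str) -> tuple[int, ...]:
    """Turn 'a.b.c.d' into ints so each field is compared numerically."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unexpected version string: {version!r}")
    return tuple(int(p) for p in parts)

def classify(host: Host, minimum: str = MIN_PATCHED) -> str:
    floor = parse(minimum)
    try:
        installed, running = parse(host.installed), parse(host.running)
    except ValueError:
        return "unknown"        # never report an unreadable host as patched
    if installed < floor:
        return "needs-update"   # the updater has not delivered the fix
    if running < floor:
        return "needs-restart"  # fix is on disk, old process still open
    return "ok"

def report(inventory=INVENTORY, minimum: str = MIN_PATCHED) -> dict[str, list[str]]:
    out: dict[str, list[str]] = {}
    for host in inventory:
        out.setdefault(classify(host, minimum), []).append(host.name)
    return out

if __name__ == "__main__":
    for status, names in sorted(report().items()):
        print(f"{status:14} {', '.join(names)}")
```

Hosts in the `needs-restart` group are the ones a forced, scheduled browser restart would actually fix; `needs-update` hosts need the patch delivered first.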