Google Patches Ninth Chrome Zero-Day of 2022

05-Dec-22

In order to address a zero-day vulnerability in the browser, the ninth to be fixed this year, Google on Friday released an emergency Chrome 108 update. The V8 JavaScript engine in the browser is where the high-severity security flaw, identified as CVE-2022-4262, is found. The internet giant states, “Google is aware that an exploit for CVE-2022-4262 exists in the wild.” Clement Lecigne, a security researcher with the Google Threat Analysis Group, discovered the flaw. No bug bounty payment will be made in accordance with Google policy.

According to a National Vulnerability Database notice, the weakness might enable “a remote attacker to potentially exploit heap corruption via a prepared HTML website.” Because a different algorithm than the one being used uses a block of memory, type confusion problems can occur.

Read More…