On December 2, Google released an emergency security update to fix a new, actively exploited zero-day vulnerability in the Chrome browser.
The high-severity vulnerability, CVE-2022-4262, is a type confusion issue in the V8 JavaScript engine. It was reported by Clement Lecigne, a researcher at Google's Threat Analysis Group (TAG), on November 29.
A type confusion vulnerability occurs when an application does not check the type of a data element that is passed to it. For example, the program expects a number but actually receives a string. If the application does not check the type of the data it receives, it can process the element incorrectly, potentially destabilizing its own code.
This error can give an attacker access to memory outside the permitted range, or lead to a crash and the execution of arbitrary code. According to NIST, the vulnerability allows a “remote attacker to potentially exploit heap corruption via a crafted HTML page”.
Google acknowledged that the vulnerability is being actively exploited, but did not share additional information, in order to prevent further abuse.
Users are advised to update to version 108.0.5359.94 for macOS and Linux and 108.0.5359.94/95 for Windows to mitigate potential threats. Users of Chromium-based browsers (Microsoft Edge, Brave, Opera, etc.) are also advised to apply fixes as they become available.
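As an added example (not from the original article or from Google), this Python sketch checks a browser inventory against the fixed builds listed above. The inventory rows, version strings in them, and all function names are constructed for illustration.

```python
import re

# Fixed builds named in the article; .94 is the lower of the two Windows builds.
FIXED = {
    "mac": (108, 0, 5359, 94),
    "linux": (108, 0, 5359, 94),
    "windows": (108, 0, 5359, 94),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part version found in text as ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def assess(product, platform, version_text):
    """Classify one inventory row as 'patched', 'vulnerable' or 'unknown'."""
    # Other Chromium-based browsers number their releases differently, so the
    # Chrome build numbers cannot be applied to them; wait for the vendor's fix.
    if product.strip().lower() not in ("google chrome", "chrome"):
        return "unknown"
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"
    # Tuples compare numerically per component, so 5359.124 > 5359.94 and
    # 99.x < 108.x, which a plain string comparison would get wrong.
    return "patched" if version >= fixed else "vulnerable"


# Constructed sample inventory (hypothetical hosts and version strings).
INVENTORY = [
    ("Google Chrome", "windows", "Google Chrome 108.0.5359.95"),
    ("Google Chrome", "linux", "Google Chrome 108.0.5359.71"),
    ("Google Chrome", "mac", "Google Chrome 108.0.5359.124"),
    ("Google Chrome", "linux", "Google Chrome 99.0.4844.84"),
    ("Microsoft Edge", "windows", "108.0.1462.42"),
    ("Google Chrome", "windows", "not installed"),
]


def audit(rows):
    """Return (product, platform, status) for every inventory row."""
    return [(p, plat, assess(p, plat, v)) for p, plat, v in rows]


if __name__ == "__main__":
    for product, platform, status in audit(INVENTORY):
        print(f"{product:15} {platform:8} {status}")
```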
CVE-2022-4262 is the ninth zero-day vulnerability in Chrome exploited in attacks in 2022. Earlier in November, Google released an urgent fix for a high-severity zero-day vulnerability caused by a heap buffer overflow in the GPU component. That flaw was discovered by Clement Lecigne of the Google Threat Analysis Group on November 22, 2022.