It's a bit unbelievable that Google announced an emergency Chrome 108 update on Friday to patch yet another zero-day vulnerability in the browser, the ninth to be fixed this year. Since July, Google has been patching one Chrome zero-day per month. Google has confirmed that an exploit for the vulnerability exists in the wild. This caused Microsoft to release the updated Microsoft Edge (Version 1.42) with a fix for this issue, since Edge is based on the same core Chromium source code.

The high-severity security bug, tracked as CVE-2022-4262, is a 'type confusion' in the browser's V8 JavaScript engine. The vulnerability was identified by a Google Threat Analysis Group security researcher, Clement Lecigne. The flaw could allow a remote attacker to exploit heap corruption via a crafted HTML page, according to a National Vulnerability Database advisory.

Type confusion flaws arise when a block of memory is used by a different algorithm than the one it was intended for. In Chrome, this can lead to deliberate code flow deviations, allowing attackers to achieve remote code execution when untrusted code is served from a malicious page.

Patches for the vulnerability have been included in Chrome 1.94 for Mac and Linux, and in Chrome 1.94/.95 for Windows. Users are advised to update to a patched version as soon as possible.