Time to update: Google Chrome browser patches high-severity security flaw

Google has launched a safety replace for for Chrome that protects customers towards a newly found, high-severity vulnerability within the browser that it is warned is already actively being exploited by cyber attackers. 

The Stable Channel Update for Google Chrome on desktop is for Home windows, Mac and Linux variations of the browser. It is beneficial that customers apply the safety replace as quickly as attainable – one thing that Google Chrome will do routinely when the browser is closed and reopened. 

The replace fixes CVE-2022-4262, a vulnerability classed as excessive severity that permits a distant attacker to doubtlessly exploit a Sort Confusion difficulty in Google V8’s javascript engine by inflicting heap corruption by way of a crafted HTML web page. 

Additionally: We’re nonetheless failing to study crucial lesson in cybersecurity.

‘Heap’ is an space of pre-reserved laptop reminiscence {that a} program makes use of to retailer a variable quantity of knowledge – and heap corruption happens when a program damages the view of the heap, which can lead to a reminiscence fault that may be abused by attackers. 

Google states that it is conscious that an exploit for CVE-2022-4262 is energetic within the wild – in different phrases, it is actively being utilized by cyber criminals to energy malicious hacking campaigns – however hasn’t but offered any data on how that is happening, citing a precaution towards offering different attackers with a approach to make use of it earlier than customers are protected. 

Additionally: Cybersecurity: These are the brand new issues to fret about in 2023

“Entry to bug particulars and hyperlinks could also be saved restricted till a majority of customers are up to date with a repair. We will even retain restrictions if the bug exists in a 3rd social gathering library that different initiatives equally rely on, however have not but fastened,” mentioned Google’s replace. 

The vulnerability was found by Clement Lecigne of Google’s Risk Evaluation Group. It represents the newest in a collection of safety flaws in Google Chrome which were uncovered and patched throughout this 12 months. 

These embrace, amongst others, CVE-2022-4135, a vulnerability that emerged in late November and was already actively being exploited within the wild, in addition to safety flaws that emerged in September and a collection of great vulnerabilities that appeared in July.

The replace that fixes the newest flaw – 108.0.5359.94 for Mac and Linux, and 108.0.5359.94/.95 for Home windows – is being rolled out now and it is beneficial customers apply it.  

MORE ON CYBERSECURITY