"Google Patches Ninth Chrome Zero-Day of 2022"

Google recently announced an emergency Chrome 108 update to patch a zero-day vulnerability in the browser, the ninth to be fixed this year. The high-severity security bug is tracked as CVE-2022-4262 and is described as a type confusion in the browser’s V8 JavaScript engine. Google noted that it is aware that an exploit for CVE-2022-4262 exists in the wild. The vulnerability was identified by the Google Threat Analysis Group. Google said that the flaw could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. Google noted that type confusion flaws arise when a block of memory is used by a different algorithm than the one that was supposed to consume it. In Chrome, such issues could lead to deliberate deviations in code flow, allowing attackers to achieve remote code execution (RCE) when untrusted code is served from a malicious page. Patches for this vulnerability have been included in Chrome 108.0.5359.94 for Mac and Linux and in Chrome 108.0.5359.94/.95 for Windows. Google is advising users to update to a patched version as soon as possible.

 

SecurityWeek reports: "Google Patches Ninth Chrome Zero-Day of 2022"

Submitted by Anonymous on