• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Google Releases Chrome Emergency Fix
For Ninth Zero-Day This Year

You are here: Home / General Cyber Security News / Google Releases Chrome Emergency Fix For Ninth Zero-Day This Year
December 5, 2022

Google developers introduced an urgent resolve for Chrome 108..5359.94 on Friday. The update addresses a novel, zero-day vulnerability (tracked CVE-2022-4262).

The flaw reportedly affects all variations of the browser, and in accordance to Mike Walters, VP of vulnerability and threat investigate at Action1, the fix was urgent, as there is currently a performing exploit for it. 

“This take care of addresses the ninth zero-working day vulnerability in the browser this 12 months. Also, it carries on an odd sample of Google repairing a zero-working day vulnerability quickly just after a common release,” Walters instructed Infosecurity.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


As is customary for Google, information on the vulnerability and exploit have nonetheless to be released.

“Google will not give particulars about the vulnerability until finally most users’ browsers are updated, and rightly so,” Walters explained. “The severity of this vulnerability can rarely be overstated. That is why we endorse that you update your Chrome browser as shortly as probable.”

While information about the flaw are not publicly identified, it is recognised that it is connected to type confusion bugs in the V8 JavaScript engine.

“Accordingly, it is extremely most likely that this vulnerability makes it possible for remote code execution, which implies that a threat actor could lead to any script or malware payload to be executed on the victims’ system,” Walters stated.

“In most conditions, attackers exploit these kinds of vulnerabilities when end users go to their malicious website. Then they steal facts from the impacted devices or produce botnets to execute dispersed denial-of-assistance (DDoS) attacks, mine cryptocurrency or mail spam.”

At the same time, patching browsers can be problematic, Walters said, considering that people today do not like rebooting their browsers, which is usually required as section of an update.

“Which is why the ideal exercise for companies is to automate patching for 3rd-party apps, such as browsers, and ensure their IT groups can drive reboots remotely in a way that is at ease to stop customers,” the government concluded.

The patch will come a lot less than two weeks from Google’s most recent Chrome patch for a zero-day (tracked CVE-2022-4135), which the tech huge dealt with on November 24.


Some sections of this posting are sourced from:
www.infosecurity-journal.com

Previous Post: «Cyber Security News Manufacturers Struggle to Manage Cyber-Threats from New Tech Deployments
Next Post: Cyber Extortion Growing Exponentially in Africa, Middle East and China, Finds Orange Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS
  • Dridex Malware Now Attacking macOS Systems with Novel Infection Method
  • Cyber attacks on UK organisations surged 77% in 2022, new research finds
  • WhatsApp to combat internet blackouts with proxy server support
  • The IT Pro Podcast: Going passwordless
  • Podcast transcript: Going passwordless
  • UK Schools Hit by Mass Leak of Confidential Data
  • Play ransomware gang behind recent cyber attack on Rackspace
  • Personal Storage Table Files Accessed in Rackspace Attack
  • Security Industry Hits Back with MegaCortex Decryptor

Copyright © TheCyberSecurity.News, All Rights Reserved.