 |
| Google releases an emergency update to fix the ninth vulnerability |
Google has begun releasing version 108.0.5359.94 or 108.0.5359.95 of its Chrome browser for Windows, Mac and Linux users to fix a critical security vulnerability that has been disclosed.
The security hole that Google aims to fix with the new update is the ninth disclosed security hole that the US tech giant has fixed since early 2022.
“Google is aware of reports of a security vulnerability in CVE-2022-4262,” Google said in a Chrome Launch blog post.
The new version of Chrome is now available to users of the stable version of the browser on desktop devices, according to the company, and will reach its entire user base in a matter of days or weeks.
Clement Lesain, an information security engineer who works for the Threat Analysis Group at Google, explained that critical vulnerability CVE-2022-4262 is a confusion vulnerability of the type found in the Chrome V8 JavaScript engine.
Although type confusion vulnerabilities usually cause browser crashes after successful exploitation by reading or writing memory beyond the buffer bounds, hackers can also exploit them to execute arbitrary code.
Google said it has seen exploits of the disclosed CVE-2022-4262 vulnerability, but at the same time hasn't shared any details or technical information about those cases.
Google added, "Access to vulnerability details and links may be restricted until the update reaches the majority of users." We will also keep restrictions if the vulnerability is in a third-party library that other projects depend on, but has not yet been patched.
This gives Google Chrome users enough time to update their browsers and block exploit attempts until more information is released that could allow more attackers to develop their skills.