On Friday, Google began rolling out an emergency stable channel update for the Chrome browser on Windows, Mac, and Linux to patch a zero-day exploit that exists in the wild. If you haven’t done so, check and make sure your browser is updated to at least version 108.0.5359.94 on Mac and Linux and 108.0.5359.94/.95 on Windows.
Ninth zero-day of 2022 hits Chrome
Google’s Prudhvikumar Bommana says on the Chrome Releases blog that CVE-2022-4262 is a high-severity type confusion weakness in Chrome’s V8 JavaScript engine. If that sounds familiar, it’s because it’s the third such bug in Chrome this year.
As we’ve explained before, if the attacker exploits a type confusion vulnerability, it can allow them to execute arbitrary code in the browser. They can also view, edit, or delete data if they have the necessary privileges. We are unsure how attackers exploit this specific bug, though, because Google wants everyone to update Chrome before sharing details.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google explains. “We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.”
This is the ninth Chrome zero-day exploit that Google has patched in 2022. The one before this surfaced on November 25 and involved heap buffer overflow in GPU.
How to update your Chrome browser
Chrome doesn’t always apply the latest updates when you open the browser, so if you want to check and see which version you are running, go to Settings and then About Chrome at the bottom of the menu bar on the left side of the screen.
If you are already running the latest version of the browser, then you are good to go. If not, you should begin the process of updating as soon as possible. Once it finishes downloading, click the Relaunch button to finish updating.
More Google coverage: For more Pixel news, visit our Pixel 7 guide.