Google has started releasing version 108.0.5359.94 or 108.0.5359.95 of the Chrome browser for Windows, Mac and Linux users, with the aim of fixing an exposed high-risk vulnerability.
The security vulnerability, which Google seeks to fix through the new update, is the ninth exposed vulnerability that the American technology giant has fixed since the beginning of 2022.
Google said in a post on its Chrome releases blog: “Google is aware of reports of the existence of the CVE-2022-4262 vulnerability.”
According to the company, the new version of Chrome is now available to users of the stable version of the browser on desktop devices, and it will reach the entire user base within days or weeks.
An information security engineer, Clement Lecigne, who works for Google's Threat Analysis Group, explained that the critical CVE-2022-4262 vulnerability is a type confusion vulnerability in Chrome's V8 JavaScript engine.
Type confusion vulnerabilities generally lead to browser crashes when successful exploitation reads or writes memory outside buffer bounds, but threat actors can also exploit them to execute arbitrary code.
Google said that it had discovered cases of exploiting the exposed vulnerability CVE-2022-4262, but at the same time it did not share technical details or information related to those cases.
Google added: “Access to vulnerability details and links may be restricted until the update reaches the majority of users. We will also keep the restrictions if the vulnerability exists in a third-party library that other projects similarly rely on, but is not yet fixed.”
This gives Google Chrome users enough time to upgrade their browsers and block exploit attempts before more information is released, since publishing the details earlier could allow more attackers to develop their exploit capabilities.
As for the previous seven vulnerabilities, they are:
- CVE-2022-4135 – November 25
- CVE-2022-3723 – October 28
- CVE-2022-3075 – September 2
- CVE-2022-2856 – August 17
- CVE-2022-2294 – July 4
- CVE-2022-1364 – April 14
- CVE-2022-1096 – March 25
- CVE-2022-0609 – February 14
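
Because the update reaches users over days or weeks, administrators may want to confirm which machines already run a fixed build. The following is an added example, not code from Google or from the original article: it compares reported Chrome versions against 108.0.5359.94 (the lower of the two fixed versions named above, assumed here to be the minimum patched build). The host names and inventory values are constructed.

```python
# Added example: flag Chrome installs older than the fixed release for CVE-2022-4262.
# Assumption: 108.0.5359.94 (the lower version named in the article) is the minimum fixed build.
FIXED_BUILD = (108, 0, 5359, 94)


def parse_version(text):
    """Parse a four-part Chrome version such as '108.0.5359.94' into a tuple of ints."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)


def is_patched(version_text, fixed=FIXED_BUILD):
    """Compare numerically, component by component (never as plain strings)."""
    return parse_version(version_text) >= fixed


def audit(inventory):
    """Map each host to 'patched', 'vulnerable', or 'unknown' (unparseable version)."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = "patched" if is_patched(version) else "vulnerable"
        except ValueError:
            report[host] = "unknown"
    return report


# Constructed inventory (hypothetical host names and reported versions).
SAMPLE_INVENTORY = {
    "ws-001": "108.0.5359.95",
    "ws-002": "108.0.5359.71",
    "mac-003": "108.0.5359.94",
    "lin-004": "107.0.5304.121",
    # A plain string comparison would wrongly rank this build below .94.
    "ws-005": "108.0.5359.124",
    "ws-006": "not reported",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be treated as unverified rather than safe.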