{"id":20748,"date":"2022-12-08T09:12:26","date_gmt":"2022-12-08T17:12:26","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/12\/08\/news-14481\/"},"modified":"2022-12-08T09:12:26","modified_gmt":"2022-12-08T17:12:26","slug":"news-14481","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/12\/08\/news-14481\/","title":{"rendered":"Update now! Emergency fix for Google Chrome&#8217;s V8 JavaScript engine zero-day flaw released"},"content":{"rendered":"<p>On Friday, December 2,&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/chromereleases.googleblog.com\/2022\/12\/stable-channel-update-for-desktop.html\" target=\"_blank\">Google rolled out an out-of-band patch<\/a>&nbsp;for an actively exploited zero-day vulnerability in its&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/v8.dev\/\" target=\"_blank\">V8 JavaScript engine<\/a>. The flaw could allow attackers to cause a system crash or execute potentially malicious code.<\/p>\n<p>That means you&#8217;ll want to update Chrome to patch against this vulnerability as soon as you can. Do this by navigating to the &#8220;About Chrome&#8221; page on your browser&rsquo;s menu.<\/p>\n<p>If your Chrome version is 108.0.5359.94 (Mac and Linux) or 108.0.5359.94\/.95 (Windows), then you have the latest version. If it, click Update Google Chrome.<\/p>\n<p>Note: if you don&rsquo;t have the update option, such as in the case below, some files may be missing from your computer, so it&rsquo;s best to uninstall and reinstall Chrome.<\/p>\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.malwarebytes.com\/blog\/news\/2022\/12\/easset_upload_file2878_250578_e.png\" alt=\"\" width=\"638\" height=\"438\" style=\"display: block; margin-left: auto; margin-right: auto;\" \/>Chrome without an update button option<\/p>\n<p>Also, if you have other Chromium-based browsers you&rsquo;re using, you may need to update them.<\/p>\n<h2>Vulnerability details<\/h2>\n<p>The flaw, tracked as&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-4262\" target=\"_blank\">CVE-2022-4262<\/a>,&nbsp;has a severity rating of &ldquo;High&rdquo; and is a type confusion bug. Once exploited, remote attackers could exploit a&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/Memory_corruption\" target=\"_blank\">memory corruption<\/a>&nbsp;(also called heap corruption) using a specially crafted HTML page.<\/p>\n<p>A type confusion bug happens when code doesn&rsquo;t verify the object type passed to it, and then uses the object without type-checking. Unfortunately, this bug occurs on the V8 JavaScript engine, Google&rsquo;s open-source JavaScript engine. Attacks on the V8 are not common; however, it&#8217;s considered one of the most dangerous.<\/p>\n<p>CVE-2022-4262 is the 4th&nbsp;type confusion bug found this year and the 9th actively exploited zero-day to date.<\/p>\n<p>As with any zero-day vulnerabilities Google patches, very little technical detail is provided about the vulnerability. You will also find that online pages for this&nbsp;vulnerability either contain incomplete details or are there as placeholders to be updated with new information in the future. The National Vulnerability Database is currently analyzing this flaw.<\/p>\n<hr \/>\n<p><strong>We don&#8217;t just report on threats&mdash;we remove them<\/strong><\/p>\n<p>Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by <a href=\"https:\/\/www.malwarebytes.com\/for-home\">downloading&nbsp;Malwarebytes today<\/a>.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2022\/12\/update-now-emergency-fix-for-google-chromes-v8-javascript-engine-zero-day-flaw-released\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<table cellpadding=\"10\">\n<tr>\n<td valign=\"top\" align=\"left\">\n<p>Categories: <a href=\"https:\/\/www.malwarebytes.com\/blog\/category\/exploits-and-vulnerabilities\" rel=\"category tag\">Exploits and vulnerabilities<\/a><\/p>\n<p>Categories: <a href=\"https:\/\/www.malwarebytes.com\/blog\/category\/news\" rel=\"category tag\">News<\/a><\/p>\n<p>Tags: V8<\/p>\n<p>Tags:  V8 JavaScript Engine<\/p>\n<p>Tags:  Google Chrome<\/p>\n<p>Tags:  Chrome<\/p>\n<p>Tags:  CVE-2022-4262<\/p>\n<p>Tags:  108.0.5359.94<\/p>\n<p>Tags:  108.0.5359.95<\/p>\n<p>Tags:  Chrome V8 flaw<\/p>\n<p>Tags:  type confusion<\/p>\n<p>Google has rolled out an out-of-band patch for an actively exploited zero-day vulnerability in its V8 JavaScript engine. Make sure you&#8217;re using the latest version.<\/p>\n<table width=\"100%\">\n<tr>\n<td align=\"right\">\n<p><b>(<a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2022\/12\/update-now-emergency-fix-for-google-chromes-v8-javascript-engine-zero-day-flaw-released\" title=\"Update now! Emergency fix for Google Chrome's V8 JavaScript engine zero-day flaw released\">Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2022\/12\/update-now-emergency-fix-for-google-chromes-v8-javascript-engine-zero-day-flaw-released\">Update now! Emergency fix for Google Chrome&#8217;s V8 JavaScript engine zero-day flaw released<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[28070,28071,10699,28072,28069,22783,11427,32,19988,28067,28068],"class_list":["post-20748","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-108-0-5359-94","tag-108-0-5359-95","tag-chrome","tag-chrome-v8-flaw","tag-cve-2022-4262","tag-exploits-and-vulnerabilities","tag-google-chrome","tag-news","tag-type-confusion","tag-v8","tag-v8-javascript-engine"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20748","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=20748"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20748\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=20748"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=20748"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=20748"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}