Google has released Chrome 108.0.5359.94/.95 for Windows, Mac, and Linux users to fix a single, very serious security flaw, the ninth Chrome zero-day exploited in the wild to be patched since the start of the year.
“Google is aware of reports that an exploit for CVE-2022-4262 exists in the wild,” the search giant said in a security advisory published on Friday.
According to Google, the new version has started rolling out to users in the Stable Desktop channel and will reach the entire user base within days or weeks.
This update was immediately rolled out to our systems when BleepingComputer searched for new updates in the Chrome menu > Help > About Google Chrome.
The web browser will also automatically check for new updates and install them without requiring user interaction after the next launch.
Attack details not available
Even though type confusion vulnerabilities typically lead to browser crashes after successful exploitation by reading or writing memory out of buffer bounds, threat actors can also exploit them for the execution of arbitrary code.
Although Google said it detected attacks exploiting this zero day, the company has not yet shared any technical details or information regarding these incidents.
“Access to bug details and links may be restricted until a majority of users are updated with a fix,” Google added.
“We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but have not yet been fixed.”
This will give Google Chrome users enough time to update their browsers and prevent exploitation attempts before more information is released that would allow more attackers to develop their own exploits.
Ninth Chrome zero-day patched this year
With this emergency update, Google is addressing the ninth Chrome zero-day that attackers have exploited in the wild since early 2022.
The eight zero-day vulnerabilities found and patched this year are: