Google Chrome receives new fix
Target Industry
All sectors – opportunistic targeting.
Overview
Severity level: High
Google has released its ninth emergency Chrome patch of 2022, this time to counter CVE-2022-4262.
CVE-2022-4262 is described as a type confusion vulnerability in the V8 JavaScript engine. Exploitation involves luring a victim, via a phishing link, to a dedicated malicious website where remote code execution can take place.
Impact
If successful, an attack may result in remote execution of arbitrary code and a denial of service against the target system.
Vulnerability Detection
Google Chrome versions prior to 108.0.5359.94/.95 are vulnerable.
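The version threshold above can be checked across a software inventory. The following is an added example, not part of the original advisory; it assumes 108.0.5359.94 is the lowest fixed build on every platform, and the inventory format, hostnames and function names are hypothetical.

```python
import re

# Assumption: 108.0.5359.94 is treated as the lowest fixed build on every platform.
FIXED = (108, 0, 5359, 94)
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version from text such as `--version` output."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Return 'vulnerable', 'patched' or 'unknown' for one reported version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # unparsable entry: flag for follow-up, never a silent pass
    # Tuple comparison is numeric per component, so .124 correctly sorts after .94
    # (a plain string comparison would rank "108.0.5359.124" below "108.0.5359.94").
    return "vulnerable" if version < FIXED else "patched"


def audit(inventory):
    """Map each host in a 'host,reported version' inventory to a status."""
    results = {}
    for line in inventory.strip().splitlines():
        host, _, reported = line.partition(",")
        results[host.strip()] = classify(reported)
    return results


# Constructed sample inventory (hostnames and entries are illustrative only).
SAMPLE = """
win-01,Google Chrome 108.0.5359.95
lin-02,Google Chrome 108.0.5359.71
mac-03,Google Chrome 107.0.5304.121
win-04,Google Chrome 108.0.5359.124
lin-05,Google Chrome 109.0.5414.74
kiosk-06,not installed
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be checked manually, since a missing or malformed version string says nothing about patch state.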
Affected Products
Google Chrome – Windows prior to 108.0.5359.94/.95
Google Chrome – Linux prior to 108.0.5359.94/.95
Google Chrome – Mac prior to 108.0.5359.94/.95
Containment, Mitigations & Remediations
Where possible, customers are strongly advised to update all systems using Google Chrome to version 108.0.5359.94/.95 or later to remove the vulnerability.
Chrome updates can be found within Chrome under Settings > About Chrome.
Customers are advised to have regular patching cycles to ensure that all systems are running the latest fixes to reduce the potential for future exploitation.
Indicators of Compromise
No IOCs released.
Mitre Methodologies
T1566.002 – Phishing: Spearphishing Link
T1499.004 – Endpoint Denial of Service: Application or System Exploitation