Google Chrome receives new fix
All sectors – opportunistic targeting.
Severity level: High
Google has released its ninth emergency Chrome patch of 2022, this time to counter CVE-2022-4262.
CVE-2022-4262 is described as a type confusion vulnerability in the V8 JavaScript engine. Exploitation relies on luring a victim, via a phishing link, to a dedicated malicious website where remote code execution can take place.
If successful, an attack may result in remote execution of arbitrary code and a denial of service against the target system.
Google Chrome versions prior to 108.0.5359.94/.95 are vulnerable.
Google Chrome – Windows prior to 108.0.5359.94/.95
Google Chrome – Linux prior to 108.0.5359.94/.95
Google Chrome – Mac prior to 108.0.5359.94/.95
Containment, Mitigations & Remediations
Where possible, customers are strongly advised to update all systems running Google Chrome to version 108.0.5359.94/.95 or later to remove the vulnerability.
Chrome updates can be found within Chrome under Settings > About Chrome.
Customers are advised to have regular patching cycles to ensure that all systems are running the latest fixes to reduce the potential for future exploitation.
Indicators of Compromise
No IOCs released.
T1566.002 – Phishing: Spearphishing Link
T1499.004 – Endpoint Denial of Service: Application or System Exploitation