Google Chrome receives new fix

Target Industry

All sectors – opportunistic targeting.

Overview

Severity level: High

Google has released its ninth emergency Chrome patch of 2022, this time to counter CVE-2022-4262.

CVE-2022-4262 is described as a type confusion in the V8 JavaScript engine. Exploitation involves luring a victim, via a phishing link, to a dedicated malicious website where remote code execution can take place.

Impact

If successful, an attack may result in remote execution of arbitrary code and a denial of service against the target system.

Vulnerability Detection

Google Chrome versions prior to 108.0.5359.94/.95 are vulnerable.
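
The following added example (not part of the original bulletin) checks reported Chrome version strings from an asset inventory against the fixed build. It assumes 108.0.5359.94 is the lowest fixed build, compares the four version fields numerically because a plain string comparison misorders builds such as .124 and .94, and uses constructed host names and version strings.

```python
import re

# Lowest fixed build named in the bulletin (the ".94" of "108.0.5359.94/.95").
# Assumption: anything numerically below this is treated as vulnerable.
FIXED = (108, 0, 5359, 94)

# Four dot-separated numeric fields, not embedded in a longer dotted number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Extract a four-part Chrome version from free text, or return None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Return 'vulnerable', 'fixed' or 'unknown' for one reported version string."""
    v = parse_version(text)
    if v is None:
        return "unknown"  # no parseable version: needs manual follow-up
    return "vulnerable" if v < FIXED else "fixed"


def audit(inventory):
    """Map each (host, version string) pair to its classification."""
    return {host: classify(raw) for host, raw in inventory}


# Constructed inventory: host names and version strings are sample data.
SAMPLE_INVENTORY = [
    ("ws-001", "Google Chrome 108.0.5359.71"),
    ("ws-002", "Google Chrome 108.0.5359.94"),
    ("ws-003", "108.0.5359.95"),
    ("ws-004", "Google Chrome 108.0.5359.124"),  # string compare would misorder this
    ("ws-005", "Google Chrome 107.0.5304.121"),
    ("ws-006", "Google Chrome 109.0.5414.74"),
    ("ws-007", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be followed up rather than assumed patched.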

Affected Products

Google Chrome – Windows prior to 108.0.5359.94/.95
Google Chrome – Linux prior to 108.0.5359.94/.95
Google Chrome – Mac prior to 108.0.5359.94/.95

Containment, Mitigations & Remediations

Customers are strongly advised to update all systems using Google Chrome to version 108.0.5359.94/.95 or later, where possible, to remove the vulnerability.

Chrome updates can be found within Chrome under Settings > About Chrome.

Customers are advised to have regular patching cycles to ensure that all systems are running the latest fixes to reduce the potential for future exploitation.

Indicators of Compromise

No IOCs released.

MITRE Methodologies

T1566.002 – Phishing: Spearphishing Link
T1499.004 – Endpoint Denial of Service: Application or System Exploitation

Further Information

Google Blog
CVE-2022-4262