Project Hyphae

CISA Warns of New Chrome Zero-Day


On Friday, December 2nd, 2022, Google released updates for Chrome on Android and Desktop (Windows, Mac and Linux). The Desktop update, in particular, contained fixes to combat a new zero-day vulnerability, tracked as CVE-2022-4262. This is Chrome’s ninth patched zero-day of 2022.

On Monday, December 5th, the Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its list of bugs known to be exploited in attacks, though specific technical details have not been shared at this time. CISA is requiring all Federal Civilian Executive Branch (FCEB) agencies to push this patch out by December 26th, three weeks from the announcement, and the Department of Homeland Security cybersecurity agency is strongly urging all U.S. organizations to do the same.

The vulnerability is caused by a high-severity type confusion weakness in the Chromium V8 JavaScript engine. Type confusion flaws typically lead to browser crashes caused by reading and writing memory out of buffer bounds, but attackers can also exploit them for arbitrary code execution.

Google’s original security advisory can be found here:
