Time to update: Google Chrome browser patches high-severity security flaw

Google issues a security update about a flaw it says is already being exploited in the wild.
Written by Danny Palmer, Senior Writer

Google has released a security update for Chrome that protects users against a newly discovered, high-severity vulnerability in the browser that it has warned is already being actively exploited by cyber attackers.

The Stable Channel Update for Google Chrome on desktop is for Windows, Mac and Linux versions of the browser. It's recommended that users apply the security update as soon as possible – something that Google Chrome will do automatically when the browser is closed and reopened. 

The update fixes CVE-2022-4262, a vulnerability classed as high severity: a type confusion issue in V8, Google's JavaScript engine, that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.


'Heap' is an area of pre-reserved computer memory that a program uses to store a variable amount of data – and heap corruption occurs when a program damages the view of the heap, which can result in a memory fault that can be abused by attackers. 

Google states that it's aware that an exploit for CVE-2022-4262 is active in the wild – in other words, it's actively being used by cyber criminals to power malicious hacking campaigns – but hasn't yet provided any information on how this is taking place, citing a precaution against providing other attackers with a way to use it before users are protected. 


"Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed," said Google's update. 

The vulnerability was discovered by Clement Lecigne of Google's Threat Analysis Group. It represents the latest in a series of security flaws in Google Chrome that have been uncovered and patched during this year. 

These include, among others, CVE-2022-4135, a vulnerability that emerged in late November and was already actively being exploited in the wild, as well as security flaws that emerged in September and a series of significant vulnerabilities that appeared in July.

The update that fixes the latest flaw – 108.0.5359.94 for Mac and Linux, and 108.0.5359.94/.95 for Windows – is being rolled out now and it's recommended users apply it.  

