⚡ TL;DR | Go Straight to the Google Chrome 108 Vulnerability Audit Report
Google has released another security update for the desktop version of Google Chrome 108 for Windows, Linux, and Mac in response to a zero-day type confusion vulnerability. Google is already aware of reports that the bug has been exploited in the wild. This is the ninth zero-day vulnerability in Chrome that Google has had to respond to this year. Type confusion vulnerabilities can be exploited to cause browser crashes and arbitrary code execution, which in turn can interrupt processes and compromise sensitive data.
CVE-2022-4262
The vulnerability tracked as CVE-2022-4262 is a high severity type confusion in the Chrome V8 JavaScript engine. For now, Google hasn’t released any further details about the bug yet. They do this to prevent further exploitation of the bug until a majority of users has had a chance to update to the fixed version of Chrome. Type confusion vulnerabilities usually lead to browser crashes by reading or writing memory out of buffer bounds. However, attackers could also use them for arbitrary code execution.
Update Vulnerable Google Chrome Installations
Google advises that you update all Google Chrome installations to the new fixed version in order to protect yourself against the vulnerability mentioned above. For Windows that is version 108.0.5359.94/.95, for Mac and Linux that is version 108.0.5359.94. You can find more information about the security fix on Google’s release blog.
Discover Vulnerable Chrome Installs
The Lansweeper team has created a special report, that will provide you with a list of all computers in your network that don’t have the latest version of Chrome 108 installed yet. This way you can easily locate any installs that are at risk and update them accordingly. You can download the report via the link below.
