CISA gives agencies deadline to patch against Google Chrome bug being actively exploited in the wild.
Although details about its real-world impact are vague, the Cybersecurity and Infrastructure Security Agency (CISA) added a Google Chrome flaw to its list of Known Exploited Vulnerabilities Catalog.
Google has already released a fixed version of Chrome browser for Windows, Mac, and Linux users. CISA has given government agencies until Dec. 26 to get a patch in place.
Tracked under CVE-2022-4262, CISA described the Google Chrome V8 Engine flaw as a "type confusion vulnerability." Attackers can exploit this kind of vulnerability by using a specially crafted HTML page to corrupt the heap and crashing the browser. Attackers can also exploit type confusion flaws to execute arbitrary code. An exploit for CVE-2022-4262 already exists in the wild, according to Google.
"Specific impacts from exploitation are not available at this time," CISA added.
About the Author(s)
You May Also Like
Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024