Google Chrome, an emergency patch to close an active exploit

In the past few hours, Google released a file . emergency update Chrome Browser On the desktop: it is better to apply it as soon as possible, if for some reason it does not arrive automatically, because it closes a security flaw that someone was already actively exploiting, which risks (risk?) compromising the security of the entire PC.

As usual for all flaws already circulating, Google has decided not to reveal more in-depth technical details for the time being, in order to prevent the exploit from spreading further: it said it would do so when the vast majority of users had applied the patch. The researchers confined themselves to saying that it is a weak point of the class type confusion (where an application allocates a variable or other resource with a specific type and then tries to access it with a different type, causing memory access errors) In the V8 JavaScript engine. The severity of the defect is high, but not critical.

Again for confidentiality reasons, Google does not explain what the risks are on the user’s side, but what is important is to know The safe version is 107.0.5304.87/88. Chrome usually updates itself, so it is very likely that the patch has already been received by the vast majority of users; Remember that it is still possible to force a status update/check by opening the three-dot menu at the top right, then selecting Guide and then google chrome information. Once the page is opened, the browser checks for new versions, downloads and installs them; Then it is necessary to restart the browser manually (it is not always enough to close and reopen it, it is better to use the custom button that is always visible on the page).

This is the 7th of 2022 Where Google has to step in with an emergency patch to shut down an actively exploited flaw. Our colleagues at Bleeping Computer did a quick review of the timeline of the seven incidents:

  • CVE-2022-3723 – Oct 28
  • CVE-2022-3075 Sep-2
  • CVE-2022-2856 – Aug 17
  • CVE-2022-2294-4 July
  • CVE-2022-1364 Apr 14
  • CVE-2022-1096-25 March
  • CVE-2022-0609 – February 14

Related Articles

Leave a Reply

Your email address will not be published.

Back to top button