Google patches a critical flaw in its Chrome browser, bringing its count of zero-day vulnerabilities fixed in 2022 to four.
Google fixed two vulnerabilities in its Chrome web browser as part of an emergency update this week, including a type confusion vulnerability that is already being exploited in the wild.
The type confusion vulnerability (CVE-2022-1364) impacts the JavaScript and WebAssembly engine in the browser. With this kind of flaw, a program will allocate a resource (such as a pointer or object) using one type but will later try to access the resource using an incompatible type. The vulnerability can be exploited to cause the browser to crash, trigger logical errors, or even execute arbitrary code.
“Google is aware that an exploit for CVE-2022-1364 exists in the wild,” the company wrote in the alert. Details will be restricted until a majority of users have updated to Chrome version 100.0.4896.127 across the Windows, Linux, and Mac platforms. Read more: https://bit.ly/38MAiMr
You can also read this: Google Removes Dangerous Banking Malware From Play Store