Google has confirmed yet another zero-day vulnerability impacting the Chrome web browser client, the ninth this year. In a posting to the official Chrome releases blog, Google states that users of Chrome on the Windows, Mac, and Linux platforms as well as Android, are impacted by the high-severity CVE-2022-4262 0day security vulnerability. An urgent update has started rolling out across all platforms, and Google is withholding the technical details of the zero-day until a majority of Chrome users have updated.
What do we know about CVE-2022-4262?
Confirming that it is aware of an exploit for this threat existing in the wild, Google has only described CVE-2022-4262 as a ‘type confusion, vulnerability within the V8 JavaScript engine. “It is very likely that this vulnerability allows remote code execution,” Mike Walters, vice-president of vulnerability and threat research at Action1, says. “Which means that a threat actor could cause any script or malware payload to be executed on the victims’ device.” Walters warns that, most often, this means threat actors can exploit such a vulnerability when users visit a malicious website. The attackers then “steal data from the affected devices or create botnets to perform distributed denial-of-service (DDoS) attacks, mine cryptocurrency or send spam,” he adds.
Why you must force update Google Chrome now
Although Google Chrome has an automated update process, which means that once the security patch reaches your device it gets installed automatically, it only becomes effective once the browser itself restarts. This means that there are two problems that can prevent the immediate securing of your browser: firstly, waiting for the update to reach you and, secondly, rebooting Chrome itself. While Google states that the update will be rolling out across the coming days and weeks, this could prove too late for some. Which is why you must update Google Chrome now.
How to force a security update for Google Chrome
You can ‘force’ a Google Chrome security update by getting the browser to check if it is up to date. This circumvents any delay in waiting for it to come to you. Just head for Settings|About Chrome, and Chrome will check if you have the latest version and if not, then a download and installation will start automatically. Remember, though, that Chrome version 108.0.5359.94 (or 108.0.5359.95 for some users) for Windows, and version 108.0.5359.94 for Mac and Linux, will only become active after the browser is rebooted. The fully-patched version of Chrome for Android is 108.0.5359.79, and you should check that this has been updated on your device.
Check your Chrome version as a matter of urgency
“The severity of this vulnerability can hardly be overstated,” Walters concludes, “that’s why we recommend that you update your Chrome browser as soon as possible.”
Users of other web browsers based upon the Chromium engine, such as Brave, Edge, and Opera, should also check for updates as the same zero-day will impact users across these clients as well.
