Google has just released the latest version of Chrome, which addresses one high-severity security flaw.
Google has been made aware of reports that an attack exploiting a vulnerability in its Chrome browser could be used against visitors to websites.
According to Google, its latest update for Chrome OS devices has begun reaching users in the Stable desktop (Chrome) channels, and it will be available to everyone within a few days or weeks.
We immediately updated our systems when we checked for new security patches from the Chrome Web Store.
After launching the app, the browser will automatically check for new updates, and if there are any, they will be installed without requiring manual action from the end users.
Attack Details Not Available
The zero-day exploit (CVE-2020-5659) is caused by a high-severity type confusion flaw in the Chrome V8 JavaScript engine reported by Clement Lecigne of Google’s Threat Analysis Group.
Even though these types of vulnerabilities usually cause browsers to crash after successful exploitation, they can be exploited for arbitrary code execution too.
While Google says it has found evidence of attackers using its Chrome browser to exploit a previously unknown vulnerability, the company hasn’t shared any technical details or information regarding the incident.
“We’re aware of an issue affecting some Android devices where the camera app crashes when taking photos after updating to the latest version of the operating system.”
“If we discover a security vulnerability in a third-party library, we may choose not to release an update for our project until the issue has been resolved by the maintainers of that library.”
This will give Chrome users enough time to update their browsers before new attacks are developed, giving hackers less time to exploit vulnerabilities.
Ninth Chrome Zero-Day Patched This Year
With this latest security update, Google has addressed nine new zero-days that hackers have used in the wild since January 1st, 2020.
The previous eight zero-day security bugs found and fixed this year include:
- CVE-2022-2856 – August 17
- CVE-2022-2294 – July 4
- CVE-2022-1364 – April 14
- CVE-2022-1096 – March 25
- CVE-2022-0609 – February 14
- CVE-2022-3723 – October 28
- CVE-2022-4135 – November 25