Chromium V8 Type Confusion Vulnerability - 20221208001

Overview

The WA SOC has observed a Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

What is the vulnerability ?

CVE-2022-4262 - Google Chromium V8 Type Confusion Vulnerability

What is vulnerable ?

• 108.0.5359.94 for Mac and Linux, and;
• 108.0.5359.94/.95 for Windows.

What has been observed ?

CISA has seen CVE-2022-4262 exploited, patching should be prioritised.

Recommendation

Update Google Chrome to the latest version to fix this vulnerability within 2 weeks. To update Google Chrome:

1. On your computer, open Chrome
2. At the top right, click More ⋮
3. Click Help and then About Google Chrome
4. Click Update Google Chrome
5. Important: If you can't find this button, you're on the latest version
6. Click Relaunch

Reference

• Google Chrome Release - Stable Channel Update for Desktop https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html
• CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') https://cwe.mitre.org/data/definitions/843.html