Ninth Actively Exploited Chrome Zero-day Spotted in the Wild

What’s happening?

What’s the threat?

• Hackers exploiting the Chrome vulnerability can execute RCE-based attacks by serving untrusted code from a malicious page, resulting in arbitrary code execution attacks.
• Furthermore, the Chrome zero-day could allow a remote attacker to potentially exploit heap corruption via a specially crafted HTML page.

The fix

• Google claimed to have addressed the Chome zero-day for different OS platforms with the new Google Chrome update.
• It has readied versions 108.0.5359.94 for Mac and Linux and version 108.0.5359.94/.95 for Windows.

What’s more?

• Google researchers haven’t shared technical details about the Chrome vulnerability to let users finish their Chrome updates. Else, if shared, hackers would start abusing it.
• Besides, the Chrome zero-day has found its place in the CISA’s Known Exploited Vulnerabilities catalog.

Other zero-day exploits from 2022

• CVE-2022-4135 – (November 25) – heap buffer overflow issue in GPU
• CVE-2022-3723 – (October 28) – type confusion issue that resides in the V8 Javascript engine
• CVE-2022-3075 (September 2) – Insufficient data validating in the Mojo collection of runtime libraries.
• CVE-2022-2856 (August 17) – Insufficient validation of untrusted input in Intents
• CVE-2022-2294 (July 4) – Heap buffer overflow in the Web Real-Time Communications (WebRTC) component
• CVE-2022-1364 (April 14) –  type confusion issue that resides in the V8 JavaScript engine
• CVE-2022-1096 – (March 25) – type Confusion in V8 JavaScript engine
• CVE-2022-0609 – (February 14) – use after free issue that resides in the Animation component

Conclusion