[ad_1]
In the past few hours, Google has released a emergency update for the its Chrome browser on desktop: it is best to apply it as soon as possible, if for some reason it does not arrive automatically, because it closes a security flaw that someone was already actively exploiting, and which risked (risking?) of compromising the security of the entire computer.
As usual for all the flaws of which an exploit is already circulating, Google has decided not to reveal the more in-depth technical details for now, in order to prevent the exploit from spreading further: it has said that it will do so when the vast majority of users have patch applied. The researchers limited themselves to saying that it is a class vulnerability Type Confusion (where an application allocates a variable or other resource with a certain type and then tries to access it using a different one, causing memory access errors) in the V8 JavaScript engine. The severity of the flaw is high, but not critical.
Again for reasons of confidentiality, Google does not explain what the risks are on the user side, but what matters is to know that the safe version is 107.0.5304.87/88. Chrome usually updates itself, so it’s extremely likely that the patch has already been received by the vast majority of users; remember that it is still possible to force an update / check the status by opening the menu of the three dots at the top right, then choosing Guide and then Information about Google Chrome. As soon as the page opens, the browser checks for new versions, downloads and installs them; then a manual restart of the browser is needed (it is not always enough to close and reopen it, better to use the dedicated button always visible on the page).
This is the seventh time of 2022 where Google has to intervene with an emergency patch to close an actively exploited flaw. Bleeping Computer colleagues made a quick review with the timeline of the seven incidents:
- CVE-2022-3723 – October 28
- CVE-2022-3075 – September 2
- CVE-2022-2856 – August 17
- CVE-2022-2294 – July 4
- CVE-2022-1364 – April 14
- CVE-2022-1096 – March 25
- CVE-2022-0609 – February 14
[ad_2]
Source link
