Google Patches Ninth Chrome Zero-Day of the Year

In software, security vulnerabilities are inevitable. It isn’t about preventing them outright with perfect code. Rather, the challenge is discovering vulnerabilities and patching them before bad actors take advantage of them. Google has been working overtime to fight against security vulnerabilities with Chrome this year, as the company just issued a patch for the browser’s ninth zero-day.

The patch comes in the form of Chrome version 108.0.5359.94/.95 for Mac, Windows, and Linux. Unlike most Google patches, this update includes a fix for this singular zero-day. Identified as CVE-2022-4262, the zero-day is a “high-severity type confusion weakness in the Chrome V8 JavaScript engine. Bad actors can exploit a type confusion weakness by reading or writing memory outside the scope of the code, and from there, execute arbitrary code, effectively taking over the machine.

From there, we don’t know much else about the zero-day. Google is staying tight-lipped about the security vulnerability, likely for fear of more information about it spreading before its user base can patch their browsers.

Zero-days are particularly dangerous, because they are security vulnerabilities with active exploits. That means someone out there knows how to use the vulnerability against you, there’s just no telling how many people know. It’s Google’s prerogative, then, to patch the flaw for as many people as possible as quickly as possible.

According to Bleeping Computer, the other zero-days patched this year include: