Although details about its real-world impact are vague, the Cybersecurity and Infrastructure Security Agency (CISA) added a Google Chrome flaw to its Known Exploited Vulnerabilities Catalog list.
Google has already released a fixed version of Chrome browser for Windows, Mac, and Linux users. CISA has given government agencies until Dec. 26 to get a patch.
Tracked under CVE-2022-4262, CISA described the Google Chrome V8 Engine flaw as a “type confusion vulnerability.” Attackers can exploit this vulnerability by using a specially crafted HTML page to corrupt the heap and crash the browser. Attackers can also exploit type confusion flaws to execute arbitrary code. An exploit for CVE-2022-4262 already exists in the wild, according to Google.
“Specific impacts from exploitation are unavailable at this time,” CISA added.