Google Chrome Flaw Added to CISA Patch List

Although details about its real-world impact are vague, the Cybersecurity and Infrastructure Security Agency (CISA) added a Google Chrome flaw to its Known Exploited Vulnerabilities Catalog list.

Google has already released a fixed version of Chrome browser for Windows, Mac, and Linux users. CISA has given government agencies until Dec. 26 to get a patch.

Tracked under CVE-2022-4262, CISA described the Google Chrome V8 Engine flaw as a “type confusion vulnerability.” Attackers can exploit this vulnerability by using a specially crafted HTML page to corrupt the heap and crash the browser. Attackers can also exploit type confusion flaws to execute arbitrary code. An exploit for CVE-2022-4262 already exists in the wild, according to Google.

“Specific impacts from exploitation are unavailable at this time,” CISA added.

Source: DarkReading, CISA