High severity zero-day vulnerability has been found in Google Chrome for Desktop, causing Google to release their ninth emergency update so far this year to patch it. Users of Chrome on Windows, Mac, and Linux should update to the latest version of this browser, which is version 108.0.5359.94 for Mac and Linux, and version(s) 108.0.5359.94/.95 for Windows. An exploit for this vulnerability has been publicly disclosed, and evidence of this exploit being actively used by cyber criminals has been found in the wild. The emergency update released last Friday comes just one week after another actively exploited flaw was patched in Google Chrome, that also affected other Chromium-based browsers such as Microsoft Edge. 

The zero-day vulnerability patched in this new update is tracked as CVE-2022-4262, and has been given a high severity rating, with a CVSS base score of 8.8. This vulnerability is a type confusion flaw in the Chrome V8 JavaScript engine. Chrome V8 executes JavaScript code either within or outside the browser, through both client-side and sever-side scripting. A type confusion vulnerability can cause code to be written outside the allocated buffer in the memory, which normally leads to the software crashing, and occasionally allows for arbitrary code execution. In this case, an attacker could exploit this in the heap memory of the browser through a malicious HTML web page. Attackers can craft an HTML page to cause this heap corruption which then allows them to perform remote code execution. 

It is possible that this vulnerability could also be found in other chromium-based browsers, as the V8 JavaScript engine in which this flaw occurs is an open-source engine developed by the Chromium Project for Chromium web browsers. All users of the Google Chrome desktop app should update to the most recent version by opening the browser, then clicking the three-dot menu (…) to open Settings. Within Settings, a menu appears on the right of the page including the option About Chrome, which when clicked shows the current version of Google Chrome running and allows the user to download and install any available updates. This is also where you can turn on automatic updates for Google Chrome, which is useful to ensure that your devices are kept up to date and secure when each new security update is released.