Number Nine! Chrome fixes another 2022 zero-day, Edge not patched yet
Google has released an update for Chrome that fixes a bug that was already being used in real-world attacks.
In this case, of course, the bug was already actively being exploited, which implied that an RCE exploit had indeed been found, and that the attackers knew how to do much worse than merely to crash your browser.
But treating, say, a 64-bit unsigned integer that can safely contain any numerical value you like, such as an encoded date and time, as a memory pointer that specifies a program subroutine to be called next… could lead to deliberate deviation of the code flow in the program.
It’s just under two weeks since Google rushed out a Chrome patch for the then-current version 107 to seal off a bug that was already being used in real-life attacks.
Source read time: 3 min - nakedsecurity.sophos.com