Number Nine! Chrome fixes another 2022 zero-day, Edge not patched yet

data breach

malware

network threats

AI generated Image

In this case, of course, the bug was already actively being exploited, which implied that an RCE exploit had indeed been found, and that the attackers knew how to do much worse than merely to crash your browser. But treating, say, a 64-bit unsigned integer that can safely contain any numerical value you like, such as an encoded date and time, as a memory pointer that specifies a program subroutine to be called next…… could lead to deliberate deviation of the code flow in the program. It’s just under two weeks since Google rushed out a Chrome patch for the then-current version 107 to seal off a bug that was already being used in real-life attacks.

Source read time: 3 min - nakedsecurity.sophos.com

Also offered in: Nederlands

More news for you