Although Google didn’t release technical details regarding the vulnerability, it has been reported that CVE-2022-4262 has a high security rating and allows remote attackers to exploit heap (memory) corruption through crafted HTML pages. According to The Center for Internet Security, successful exploitation of the vulnerability could allow an attacker to execute code in the context of the logged-on user. This means that the attacker could view, change, delete data, create new accounts with full user rights, or install programs.
Google stated in their security advisory that details regarding the vulnerability are kept restricted until most users are updated with a fix. Browser updates are currently being rolled out and users will receive updates to version v108.0.5359.94 (Mac and Linux) and v108.0.5359.94/.95 (Windows). CVE-2022-4262 has been added to the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities catalog, which means that government agencies have until December 26, 2022, to apply the patches.
At this time, there are no known IoCs associated with CVE-2022-4262. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.