This article covers recent vulnerabilities found to be actively exploited. They are categorised based not only on the category of exploitation, but their impact, and versions affected. This article also informs on any official fix and remediation guidance for the listed vulnerabilities.
Category: Arbitrary Code Execution
Other Chromium-based browsers including Brave, Falkon, Bromite, Blisk, Epic, Opera, and more may also potentially be affected.
A Type Confusion vulnerability exists in the V8 component of Google Chrome prior to 125.0.6422.60, which can be triggered by an attacker via a crafted HTML page. The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
When the product accesses the resource using an incompatible type, this could trigger logical errors because the resource does not have expected properties, which can lead to out-of-bounds memory access.
Customers are requested to upgrade to the latest stable channel version 125.0.6422.60/.61 for Mac and Windows and 125.0.6422.60 for Linux.
Updates to Chrome are available via the built-in system package managers on some desktop and server operating systems, or alternatively may be downloaded via the relevant application store on certain mobile devices (e.g. Apple App Store, or Google Play Store). See How to update Google Chrome for more information.
Chrome typically updates automatically, but users can manually check for updates by navigating to “Settings” > “About Chrome”.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
NOTE: Remediation of this vulnerability by patching to a specific version indicated may not be sufficient to secure the product against further vulnerabilities discovered in later versions, subsequent to the publication of this guidance. Unless contra-indicated, customers are therefore advised to always upgrade to the latest version of the product available.
AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network, and cloud infrastructure. AppCheck are authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).
No software to download or install.
Contact us or call us 0113 887 8380
AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network and cloud infrastructure. AppCheck are authorized by te Common Vulnerabilities and Exposures (CVE) Program aas a CVE Numbering Authority (CNA)