Google Chrome version 108.0.5359.98/99 as bug fix update, warning about CVE-2022-4262

Chrome[German]Google has updated Google Chrome in the 108 branch in the Stable Channel for Mac, Linux, and Windows, as well as the Extended Stable Channel, as of December 7, 2022. Thanks to reader EP for pointing this out. In addition, security organizations are warning users to update Google Chrome to at least version 108.0.5359.94/.95 as the closed vulnerability is being exploited.


Google Chrome Chrome 108.0.5359.98/99

The relevant entry for Chrome 108.0.5359.9x can be found on the Google blog. The stable channel as well as the extended stable channel have been updated to version 108.0.5359.98 for Mac and Linux and version 108.0.5359.99 for Windows. The updates probably fixes some bugs, closed vulnerabilities are not listed.

Chrome will be rolled out to systems over the next few days via the automatic update feature. One can (and in this case should) also update the browser manually (via the menu and the About Google Chrome command). The latest build of the Chrome browser can also be downloaded here.

Warning about CVE-2022-4262: Update Google Chrome / Edge.

On December 2, 2022, Google had provided security updates to Google Chrome in the 108 branch in the stable channel for Mac, Linux, and Windows, as well as for Android (see Chrome 108.0.5359.94/.95 security fixes). The updates close a previously exploited Type Confusion vulnerability CVE-2022-4262 in the V8 JavaScript engine. Google did not provide more detailed vulnerability information but writes that exploitation has been observed in the wild. This vulnerability was assigned a CVE index of 8.8 (max is 10).

Meanwhile, the US Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its list of most dangerous and already exploited vulnerabilities (see also). U.S. agencies must have patched affected Chrome installations by Dec. 26, 2022.

Organizations using the Microsoft Edge browser should update the browser to version 108.0.1462.42, as Microsoft has closed the affected vulnerability there (see Edge 108.0.1462.42).

Tip: If Chrome or Edge on Windows 7/8.1 or Windows Server 2012 R2 shows an upgrade notification for the operating system because the os reaches the end of support in 2023, my blog post Windows 7/8.1/Server 2012R2: Deactivate Google Chrome notification to upgrade to Windows 10 discusses the registry entries for various browsers to suppress the notification.

Cookies helps to fund this blog: Cookie settings

This entry was posted in browser, Update and tagged , . Bookmark the permalink.

One Response to Google Chrome version 108.0.5359.98/99 as bug fix update, warning about CVE-2022-4262

  1. EP says:

    Chrome 108.0.5359.125 for Windows and Chrome 108.0.5359.124 for Linux & Mac released Tue. December 13:

    this one is a security update release

Leave a Reply

Your email address will not be published. Required fields are marked *