TLDR: A critical zero-day vulnerability in Google Chrome’s V8 engine is being actively exploited by APT groups. The flaw allows remote code execution through maliciously crafted JavaScript.
Google has released an emergency patch. Users are urged to update immediately.
Technical Details:
- Type confusion in V8 TurboFan JIT compiler
- Triggered via malicious JavaScript on compromised websites
- Sandbox escape chain confirmed
- CVSS Score: 9.6 (Critical)
Affected Versions: Chrome < 122.0.6261.112