Security News > 2022 > October > Google fixes seventh Chrome zero-day exploited in attacks this year

Google fixes seventh Chrome zero-day exploited in attacks this year
2022-10-28 11:34

Google has released an emergency security update for the Chrome desktop web browser to address a single vulnerability known to be exploited in attacks.

The high-severity flaw is a type confusion bug in the Chrome V8 Javascript engine discovered and reported to Google by analysts at Avast.

Google does not clarify the level of activity involving the exploit that exists in the wild, so whether attacks using CVE-2022-3723 are widespread or limited is not known at this time.

Chrome users can update their browser by opening Settings About Chrome Wait for the download to finish Restart the program.

Version 107.0.5304.87/88 fixes the seventh zero-day vulnerability fixed since the start of the year.

In some cases, like CVE-2022-0609, the flaws were exploited by state-sponsored threat actors for several weeks before Google discovered and patched them.


News URL

https://www.bleepingcomputer.com/news/security/google-fixes-seventh-chrome-zero-day-exploited-in-attacks-this-year/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-11-01 CVE-2022-3723 Type Confusion vulnerability in Google Chrome
Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google CWE-843
8.8
8.8
2022-04-05 CVE-2022-0609 Use After Free vulnerability in Google Chrome
Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google CWE-416
8.8
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 103 257 4344 4739 748 10088