Security News > 2022 > October > Google fixes seventh Chrome zero-day exploited in attacks this year
Google has released an emergency security update for the Chrome desktop web browser to address a single vulnerability known to be exploited in attacks.
The high-severity flaw is a type confusion bug in the Chrome V8 Javascript engine discovered and reported to Google by analysts at Avast.
Google does not clarify the level of activity involving the exploit that exists in the wild, so whether attacks using CVE-2022-3723 are widespread or limited is not known at this time.
Chrome users can update their browser by opening Settings About Chrome Wait for the download to finish Restart the program.
Version 107.0.5304.87/88 fixes the seventh zero-day vulnerability fixed since the start of the year.
In some cases, like CVE-2022-0609, the flaws were exploited by state-sponsored threat actors for several weeks before Google discovered and patched them.
News URL
Related news
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Google: 97 zero-days exploited in 2024, over 50% in spyware attacks (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- After Chrome patches zero-day used to target Russians, Firefox splats similar bug (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-01 | CVE-2022-3723 | Type Confusion vulnerability in Google Chrome Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2022-04-05 | CVE-2022-0609 | Use After Free vulnerability in Google Chrome Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |