Security News > 2022 > October > Google fixes seventh Chrome zero-day exploited in attacks this year
Google has released an emergency security update for the Chrome desktop web browser to address a single vulnerability known to be exploited in attacks.
The high-severity flaw is a type confusion bug in the Chrome V8 Javascript engine discovered and reported to Google by analysts at Avast.
Google does not clarify the level of activity involving the exploit that exists in the wild, so whether attacks using CVE-2022-3723 are widespread or limited is not known at this time.
Chrome users can update their browser by opening Settings About Chrome Wait for the download to finish Restart the program.
Version 107.0.5304.87/88 fixes the seventh zero-day vulnerability fixed since the start of the year.
In some cases, like CVE-2022-0609, the flaws were exploited by state-sponsored threat actors for several weeks before Google discovered and patched them.
News URL
Related news
- Google fixes Android kernel zero-day exploited in attacks (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- Supply chain attack hits Chrome extensions, could expose millions (source)
- SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)
- Google takes action after coder reports 'most sophisticated attack I've ever seen' (source)
- Google to kill Chrome Sync on older Chrome browser versions (source)
- New Syncjacking attack hijacks devices using Chrome extensions (source)
- Google says hackers abuse Gemini AI to empower their attacks (source)
- 7-Zip MotW bypass exploited in zero-day attacks against Ukraine (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-01 | CVE-2022-3723 | Type Confusion vulnerability in Google Chrome Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2022-04-05 | CVE-2022-0609 | Use After Free vulnerability in Google Chrome Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |