Security News > 2022 > October > Google fixes seventh Chrome zero-day exploited in attacks this year
Google has released an emergency security update for the Chrome desktop web browser to address a single vulnerability known to be exploited in attacks.
The high-severity flaw is a type confusion bug in the Chrome V8 Javascript engine discovered and reported to Google by analysts at Avast.
Google does not clarify the level of activity involving the exploit that exists in the wild, so whether attacks using CVE-2022-3723 are widespread or limited is not known at this time.
Chrome users can update their browser by opening Settings About Chrome Wait for the download to finish Restart the program.
Version 107.0.5304.87/88 fixes the seventh zero-day vulnerability fixed since the start of the year.
In some cases, like CVE-2022-0609, the flaws were exploited by state-sponsored threat actors for several weeks before Google discovered and patched them.
News URL
Related news
- Google fixes Chrome zero-days exploited at Pwn2Own 2024 (source)
- Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks (source)
- Google fixes one more Chrome zero-day exploited at Pwn2Own (source)
- Google Chrome Adds V8 Sandbox - A New Defense Against Browser Attacks (source)
- Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks (source)
- Apple fixes two new iOS zero-days exploited in attacks on iPhones (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- Google Chrome gets real-time phishing protection later this month (source)
- Google Introduces Enhanced Real-Time URL Protection for Chrome Users (source)
- Google: Spyware vendors behind 50% of zero-days exploited in 2023 (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-01 | CVE-2022-3723 | Type Confusion vulnerability in Google Chrome Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-04-05 | CVE-2022-0609 | Use After Free vulnerability in Google Chrome Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |