Security News > 2022 > October > Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability
Google on Thursday rolled out emergency fixes to contain an actively exploited zero-day flaw in its Chrome web browser.
The vulnerability, tracked as CVE-2022-3723, has been described as a type confusion flaw in the V8 JavaScript engine.
Security researchers Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast have been credited with reporting the flaw on October 25, 2022.
"Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild," the internet giant acknowledged in an advisory without getting into more specifics about the nature of the attacks.
CVE-2022-3723 is the third actively exploited type confusion bug in V8 this year after CVE-2022-1096 and CVE-2022-1364.
The latest fix also marks the resolution of the seventh zero-day in Google Chrome since the start of 2022 -.
News URL
https://thehackernews.com/2022/10/google-issues-urgent-chrome-update-to.html
Related news
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- New Windows zero-day leaks NTLM hashes, gets unofficial patch (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- After Chrome patches zero-day used to target Russians, Firefox splats similar bug (source)
- Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-01 | CVE-2022-3723 | Type Confusion vulnerability in Google Chrome Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2022-07-26 | CVE-2022-1364 | Type Confusion vulnerability in Google Chrome Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2022-07-23 | CVE-2022-1096 | Type Confusion vulnerability in Google Chrome Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |