Google fixes seventh Chrome- Google has issued an emergency security update for the Chrome desktop web browser in order to address a single vulnerability that has been exploited in attacks.
The critical hole (CVE-2022-3723) is a type misunderstanding fault in the Chrome V8 Javascript engine that was found and reported to Google by Avast analysts.
The notification states, “Google is aware of reports that an attack for CVE-2022-3723 exists in the wild.”
For security reasons, the business did not reveal many specifics about the vulnerability, giving Chrome users adequate time to update to version 107.0.5304.87/88, which fixes the issue.
“Access to bug details as well as links may be limited until a majority of users have received a repair,” Google warns.
“We will also preserve restrictions if the fault resides in a third-party library on which other projects rely but have not yet been resolved.”
Type confusion vulnerabilities occur when a programme allocates a resource, object, or variable with one type and subsequently accesses it with another, incompatible type, resulting in out-of-bounds memory access.
An attacker might extract sensitive information from other apps, cause crashes, or execute arbitrary code by accessing memory areas that should not be accessible from the context of the programme.
Google did not specify the level of activity involving the vulnerability in the wild, thus whether CVE-2022-3723 assaults are common or limited is unknown at this time.
Users of Chrome can upgrade their browser by going to Settings About Chrome. Wait for the download to complete. Relaunch the programme.
- Google Bumps Up Workspace Individual Storage
- Stock Photography: Google On The Use Of Stock Photography
- How to Get Google nest aware Plus on iPhone
This is the seventh Chrome zero-day fix this year.
Version 107.0.5304.87/88 addresses the sixth zero-day vulnerability discovered since the beginning of the year.
The previous six are as follows:
- CVE-2022-3075 – September 2nd
- CVE-2022-2856 – 17th of August
- CVE-2022-2294 – 4th of July
- CVE-2022-1364 – 14th of April
- March 25th, CVE-2022-1096
- CVE-2022-0609 – 14th of February
In other cases, such as CVE-2022-0609, state-sponsored threat actors exploited the weaknesses for several weeks before Google detected and patched them.
As a result, Chrome users are highly encouraged to update their web browsers as soon as possible in order to prevent exploitation efforts.