Tech NewsTech Tips

Google fixes seventh Chrome zero-day exploited in attacks this year

Google fixes seventh Chrome- Google has issued an emergency security update for the Chrome desktop web browser in order to address a single vulnerability that has been exploited in attacks.

The critical hole (CVE-2022-3723) is a type misunderstanding fault in the Chrome V8 Javascript engine that was found and reported to Google by Avast analysts.

The notification states, “Google is aware of reports that an attack for CVE-2022-3723 exists in the wild.”

For security reasons, the business did not reveal many specifics about the vulnerability, giving Chrome users adequate time to update to version 107.0.5304.87/88, which fixes the issue.

“Access to bug details as well as links may be limited until a majority of users have received a repair,” Google warns.

“We will also preserve restrictions if the fault resides in a third-party library on which other projects rely but have not yet been resolved.”

Type confusion vulnerabilities occur when a programme allocates a resource, object, or variable with one type and subsequently accesses it with another, incompatible type, resulting in out-of-bounds memory access.

An attacker might extract sensitive information from other apps, cause crashes, or execute arbitrary code by accessing memory areas that should not be accessible from the context of the programme.

Google did not specify the level of activity involving the vulnerability in the wild, thus whether CVE-2022-3723 assaults are common or limited is unknown at this time.

Users of Chrome can upgrade their browser by going to Settings About Chrome. Wait for the download to complete. Relaunch the programme.

This is the seventh Chrome zero-day fix this year.

Version 107.0.5304.87/88 addresses the sixth zero-day vulnerability discovered since the beginning of the year.

The previous six are as follows:

  1. CVE-2022-3075 – September 2nd
  2. CVE-2022-2856 – 17th of August
  3. CVE-2022-2294 – 4th of July
  4. CVE-2022-1364 – 14th of April
  5. March 25th, CVE-2022-1096
  6. CVE-2022-0609 – 14th of February

In other cases, such as CVE-2022-0609, state-sponsored threat actors exploited the weaknesses for several weeks before Google detected and patched them.

As a result, Chrome users are highly encouraged to update their web browsers as soon as possible in order to prevent exploitation efforts.

Related Articles

0 0 votes
Article Rating
Notify of
Inline Feedbacks
View all comments
Back to top button
Would love your thoughts, please comment.x

Adblock Detected

🙏Kindly remove the ad blocker so that we can serve you better and more authentic information🙏