Google on Thursday rolled out unexpected emergency fixes to consist of an actively exploited zero-working day flaw in its Chrome web browser.
The vulnerability, tracked as CVE-2022-3723, has been explained as a sort confusion flaw in the V8 JavaScript motor.
Security researchers Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast have been credited with reporting the flaw on October 25, 2022.

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
“Google is conscious of reviews that an exploit for CVE-2022-3723 exists in the wild,” the internet huge acknowledged in an advisory without having finding into extra particulars about the nature of the attacks.
CVE-2022-3723 is the 3rd actively exploited type confusion bug in V8 this 12 months soon after CVE-2022-1096 and CVE-2022-1364.
The hottest deal with also marks the resolution of the seventh zero-working day in Google Chrome considering that the start of 2022 –
- CVE-2022-0609 – Use-soon after-free of charge in Animation
- CVE-2022-1096 – Sort confusion in V8
- CVE-2022-1364 – Form confusion in V8
- CVE-2022-2294 – Heap buffer overflow in WebRTC
- CVE-2022-2856 – Inadequate validation of untrusted input in Intents
- CVE-2022-3075 – Inadequate knowledge validation in Mojo
Users are advised to upgrade to model 107..5304.87 for macOS and Linux and 107..5304.87/.88 for Windows to mitigate opportunity threats.
People of Chromium-primarily based browsers these kinds of as Microsoft Edge, Brave, Opera, and Vivaldi are also recommended to apply the fixes as and when they develop into available.
Located this write-up interesting? Comply with THN on Facebook, Twitter and LinkedIn to study a lot more unique written content we submit.
Some elements of this post are sourced from:
thehackernews.com