Google on Thursday rolled out unexpected emergency fixes to consist of an actively exploited zero-working day flaw in its Chrome web browser.
Security researchers Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast have been credited with reporting the flaw on October 25, 2022.
“Google is conscious of reviews that an exploit for CVE-2022-3723 exists in the wild,” the internet huge acknowledged in an advisory without having finding into extra particulars about the nature of the attacks.
CVE-2022-3723 is the 3rd actively exploited type confusion bug in V8 this 12 months soon after CVE-2022-1096 and CVE-2022-1364.
The hottest deal with also marks the resolution of the seventh zero-working day in Google Chrome considering that the start of 2022 –
- CVE-2022-0609 – Use-soon after-free of charge in Animation
- CVE-2022-1096 – Sort confusion in V8
- CVE-2022-1364 – Form confusion in V8
- CVE-2022-2294 – Heap buffer overflow in WebRTC
- CVE-2022-2856 – Inadequate validation of untrusted input in Intents
- CVE-2022-3075 – Inadequate knowledge validation in Mojo
Users are advised to upgrade to model 107..5304.87 for macOS and Linux and 107..5304.87/.88 for Windows to mitigate opportunity threats.
People of Chromium-primarily based browsers these kinds of as Microsoft Edge, Brave, Opera, and Vivaldi are also recommended to apply the fixes as and when they develop into available.
Located this write-up interesting? Comply with THN on Facebook, Twitter and LinkedIn to study a lot more unique written content we submit.
Some elements of this post are sourced from: