Google on Thursday rolled out unexpected emergency fixes to consist of an actively exploited zero-working day flaw in its Chrome web browser.
The vulnerability, tracked as CVE-2022-3723, has been explained as a sort confusion flaw in the V8 JavaScript motor.
Security researchers Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast have been credited with reporting the flaw on October 25, 2022.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
“Google is conscious of reviews that an exploit for CVE-2022-3723 exists in the wild,” the internet huge acknowledged in an advisory without having finding into extra particulars about the nature of the attacks.
CVE-2022-3723 is the 3rd actively exploited type confusion bug in V8 this 12 months soon after CVE-2022-1096 and CVE-2022-1364.
The hottest deal with also marks the resolution of the seventh zero-working day in Google Chrome considering that the start of 2022 –
- CVE-2022-0609 – Use-soon after-free of charge in Animation
- CVE-2022-1096 – Sort confusion in V8
- CVE-2022-1364 – Form confusion in V8
- CVE-2022-2294 – Heap buffer overflow in WebRTC
- CVE-2022-2856 – Inadequate validation of untrusted input in Intents
- CVE-2022-3075 – Inadequate knowledge validation in Mojo
Users are advised to upgrade to model 107..5304.87 for macOS and Linux and 107..5304.87/.88 for Windows to mitigate opportunity threats.
People of Chromium-primarily based browsers these kinds of as Microsoft Edge, Brave, Opera, and Vivaldi are also recommended to apply the fixes as and when they develop into available.
Located this write-up interesting? Comply with THN on Facebook, Twitter and LinkedIn to study a lot more unique written content we submit.
Some elements of this post are sourced from:
thehackernews.com