Google on Thursday rolled out emergency fixes to contain an actively exploited zero-day flaw in its Chrome web browser.
Security researchers Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast have been credited with reporting the flaw on October 25, 2022.
"Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild," the internet giant acknowledged in an advisory without getting into more specifics about the nature of the attacks.
CVE-2022-3723 is the third actively exploited type confusion bug in V8 this year after CVE-2022-1096 and CVE-2022-1364.
The latest fix also marks the resolution of the seventh zero-day in Google Chrome since the start of 2022:
- CVE-2022-0609 - Use-after-free in Animation
- CVE-2022-1096 - Type confusion in V8
- CVE-2022-1364 - Type confusion in V8
- CVE-2022-2294 - Heap buffer overflow in WebRTC
- CVE-2022-2856 - Insufficient validation of untrusted input in Intents
- CVE-2022-3075 - Insufficient data validation in Mojo
Users are advised to upgrade to version 107.0.5304.87 for macOS and Linux and 107.0.5304.87/.88 for Windows to mitigate potential threats.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
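For teams verifying the upgrade across a fleet, the following added example (not from Google's advisory or the original article) compares reported Chrome builds against the fixed version 107.0.5304.87 named above. The host names and inventory lines are constructed sample data, and other Chromium-based browsers are routed to a separate bucket because their version numbers follow each vendor's own scheme.

```python
import re

# Fixed build named in the article (107.0.5304.88 is also a fixed Windows build).
FIXED = (107, 0, 5304, 87)

# Constructed sample inventory: (host, version string reported by the browser).
SAMPLE_INVENTORY = [
    ("mac-014", "Google Chrome 107.0.5304.87"),
    ("win-201", "Google Chrome 107.0.5304.88"),
    ("lin-007", "Google Chrome 106.0.5249.119"),
    ("win-115", "Google Chrome 107.0.5304.62"),
    ("lin-033", "Brave Browser 1.45.113"),  # constructed non-Chrome entry
    ("win-300", "Google Chrome"),           # constructed truncated entry
]

VERSION_RE = re.compile(r"^Google Chrome (\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def classify(version_line):
    """Return 'patched', 'needs-update', 'check-vendor' or 'unparsed'."""
    line = version_line.strip()
    if not line.startswith("Google Chrome"):
        # Chrome's build number is not comparable to another vendor's scheme.
        return "check-vendor"
    match = VERSION_RE.match(line)
    if match is None:
        return "unparsed"
    # Compare as integer tuples: as strings, "9" would sort above "87".
    build = tuple(int(part) for part in match.groups())
    return "patched" if build >= FIXED else "needs-update"


def audit(inventory):
    """Group host names by classification, preserving input order."""
    report = {}
    for host, line in inventory:
        report.setdefault(classify(line), []).append(host)
    return report


if __name__ == "__main__":
    for status, hosts in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{status:13} {', '.join(hosts)}")
```

Hosts in the `unparsed` bucket should be re-queried rather than assumed patched.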