untitled design

Google has fixed a zero-day vulnerability in Chrome. Seventh this year

Google has released an emergency security update for the desktop version of the Chrome browser. This update resolves the only vulnerability that appears to be exploited in 0-day attacks. The CVE-2022-3723 vulnerability is a bug in the Chrome V8 Javascript engine, which was discovered by analysts from Avast.

The search giant did not provide details about the exploit due to security concerns, but users are advised to update their browser to version 107.0.5304.87/88, which already fixes this issue. The company promises to disclose information about the vulnerability only after the majority of users install the fix.

Typically, these vulnerabilities occur when a program allocates a resource, object, or variable using one type and then accesses it using another (incompatible) type. This results in memory access outside of the bounds of the allocated area. Thus, an attacker can read sensitive information from other applications, cause a crash, or execute arbitrary code.

This is the seventh zero-day vulnerability in Chrome that Google has patched this year. Some of them were allegedly government-sponsored for several weeks before the company’s specialists discovered and fixed them.

Source: Trash Box

You may also like

Get the latest

Stay Informed: Get the Latest Updates and Insights

 

Most popular