Chrome users urged to update as Google patches seventh zero-day exploit this year
Google recently patched its 7th zero-day exploit in Google Chrome and is urging its users to update their browsers immediately.
Zero-day exploits are at the top of online security risks, as these exploits expose the data of millions of users online and are actively exploited in cyberattacks.
The vulnerability, identified as CVE-2022-3723, involves a collection of back-end libraries called Mojo. Every Chromium-based browser uses these libraries, including Opera, Brave and Microsoft Edge.
Google acted quickly to fix this critical vulnerability in Chrome, issuing an emergency update within 48 hours of the report. The update fixing this issue is rolling out to Google Chrome version 105.0.5195.102.
Google is withholding the exact information about the security fix until most users have updated their browsers to the latest version.
What is a zero-day exploit?
A zero-day exploit is a cyber attack targeting a software vulnerability which is unknown to a software vendor like Google. The attackers identify a software vulnerability and create an exploit to use it for an attack.
The attacks are likely to succeed because defenses aren’t in place. This makes zero-day attacks a severe security threat. The most common targets of these attacks are Web browsers like Chrome.
Zero-day exploits are top of the list when it comes to online security threats and Google Chrome, thanks to its ubiquity, is an extremely common vector for them. Such security holes can expose millions of users who rely on that browser every day.
There have been a handful of zero-day exploits identified and patched by the Chrome developer team this year. We can now add another to the list for 2022.
The vulnerability, identified as CVE-2022-3723, was first reported as a type confusion exploit by security research firm Avast on October 25, as Bleeping Computer reports.
Such an exploit takes advantage of a program that accesses a resource using one base type and later tries to access the same resource using an incompatible base type. This confuses the system and results in an out-of-bounds memory access error.
This particular exploit allows suspicious programs to access parts of the device’s memory that would traditionally be out of reach. Attackers can then potentially go through sensitive app data stored within the device.
In the past, malicious actors have leveraged this type of vulnerability in programs like PHP, Adobe Flash, and Mozilla Firefox.
The good news here is that Google has patched the vulnerability and that Chrome desktop users can now access the security update posted by the dev team, carrying the version number 107.0.5304.87/88.
The company is withholding further details about the issue on its side while the update is being distributed. You can pick up the patch yourself by heading over to Settings and then About Chrome.
You will need to relaunch Chrome for the changes to take full effect.
Bleeping Computer notes that this is the seventh zero-day exploit patched by Google this year compared to 58 for the whole of 2021. The last announced patch came in July.
The Chrome dev team patched CVE-2022-2294, which was being used to target journalists in the Middle East, specifically Lebanon, Palestine, Turkey, and Yemen.
A critical Google Chrome update for the Mac and Windows desktop browsers is available that addresses an actively exploited vulnerability.
Chrome users should update to version 107.0.5304.87 for Mac and version 107.0.5304.87/.88 for Windows as soon as possible to patch against a known active exploit.
To update Chrome on Mac:
1. Launch the Chrome browser
2. Click on the icon for More (three vertical dots) at top right
3. Choose Help
4. Click on About Google Chrome
5. If it appears, click on Update Google Chrome
Note that if you have already updated to the latest available version then there won’t be an Update Google Chrome button.
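When more than one machine has to be checked, the same comparison can be scripted. The following is an added example, not part of the original article: it takes the fixed build 107.0.5304.87 from the text, compares versions numerically (a plain string comparison would rank 99.x above 107.x), and treats unreadable versions as unknown, not as patched. The inventory rows and hostnames are constructed.

```python
import re

# Fixed desktop build named in the article (Mac and Windows).
PATCHED = (107, 0, 5304, 87)

# Four dot-separated numeric fields, not embedded in a longer dotted string.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the four-part Chrome version found in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Return 'patched', 'vulnerable' or 'unknown'; unparseable input is never 'patched'."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    # Tuple comparison is numeric per field, so 99.x sorts below 107.x.
    return "patched" if v >= PATCHED else "vulnerable"


def audit(inventory_lines):
    """Take 'hostname,version string' rows and return {status: [hostnames]}."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory_lines:
        host, _, version_text = line.partition(",")
        report[classify(version_text)].append(host.strip())
    return report


# Constructed sample inventory (hostnames and rows are made up for illustration).
SAMPLE = [
    "mac-01,Google Chrome 107.0.5304.87",
    "win-02,107.0.5304.88",
    "win-03,Google Chrome 107.0.5304.62",
    "mac-04,Google Chrome 99.0.4844.51",
    "win-05,Google Chrome 106.0.5249.119",
    "lab-06,version unavailable",
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```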
According to a report from Bleeping Computer, this is Chrome’s seventh zero-day vulnerability fix since the start of the year. It patches a bug associated with CVE-2022-3723, which is described as a type confusion bug in the Chrome V8 JavaScript engine.
For security reasons, Google didn’t provide much information about the bug or how it was exploited. Users should update their Chrome browser to ensure they are protected from the latest vulnerabilities.
This update follows an update released on September 2, which also addressed a zero-day vulnerability. It isn’t clear how widespread active exploits are, but users should update regardless.