Zero-day exploits rank among the top online security risks, as they expose the data of millions of users and are actively used in cyberattacks. Google recently patched its 7th zero-day exploit in Google Chrome and is urging its users to update their browsers immediately.
The vulnerability, identified as CVE-2022-3723, involves a collection of back-end libraries called Mojo. Every Chromium-based browser uses these libraries, including Opera, Brave and Microsoft Edge. Google acted quickly to fix this critical vulnerability in Google Chrome, issuing an emergency update within 48 hours of the report. The update fixing this issue is rolling out to Google Chrome version 105.0.5195.102. Google is withholding the exact details of the security fix until most users have updated their browsers to the latest version.
What is a zero-day exploit?
A zero-day exploit is a cyber attack targeting a software vulnerability which is unknown to a software vendor like Google. The attackers identify a software vulnerability and create an exploit to use it for an attack. The attacks are likely to succeed because defenses aren’t in place. This makes zero-day attacks a severe security threat. The most common targets of these attacks are Web browsers like Chrome.
What is CVE-2022-3723?
An anonymous security researcher submitted this vulnerability to Google. Avast security researchers later confirmed the report on October 25th. CVE-2022-3723 is a ‘type confusion’ issue with Chrome’s V8 JavaScript engine.
This category of vulnerability poses a high risk to the user’s data, as hackers might use the ‘type confusion’ error to confuse the system and return an out-of-bounds memory access error, allowing suspicious programs to access parts of the device’s memory that wouldn’t have been accessible before. This could lead to them getting control of the user’s system and going through sensitive app data.
This was the seventh zero-day vulnerability discovered and patched this year, as reported by Bleeping Computer. The last announced patch came in July. The exploit CVE-2022-2294 was being used to spy on journalists around the world.
How to update Chrome
To tackle the zero-day exploit, Google is urging us to update Chrome immediately. The update process is the same on Mac and Windows. On their desktops, users can update Chrome by heading over to Settings, then About Google Chrome, and installing the latest update.
On Android, users can head over to the Google Play Store, go to Manage Apps and Device and check for updates for Google Chrome. Similarly, on iOS, users can open the App Store, tap on their Profile, scroll down to “Available Updates” and search for Google Chrome.
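After the update, an administrator can confirm that every machine reports a build at or past the fixed one. The Python script below is an added example, not code from the article or from Google; the host names and version strings are constructed, and the fixed build is the number the article gives. It compares build numbers numerically, because a plain string comparison ranks 105.0.5195.99 above 105.0.5195.102.

```python
import re

# Build number the article gives for the fix; change it if your advisory differs.
FIXED_BUILD = "105.0.5195.102"

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_build(text):
    """Return the first four-part build number in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def audit(inventory, fixed=FIXED_BUILD):
    """Map each host to 'patched', 'outdated' or 'unknown'."""
    fixed_t = parse_build(fixed)
    if fixed_t is None:
        raise ValueError(f"not a four-part build number: {fixed!r}")
    report = {}
    for host, version_output in inventory.items():
        build = parse_build(version_output)
        if build is None:
            report[host] = "unknown"    # no version reported: needs follow-up
        elif build >= fixed_t:          # tuple comparison is numeric per field
            report[host] = "patched"
        else:
            report[host] = "outdated"
    return report


# Constructed sample inventory: host name -> text reported as the browser version.
SAMPLE = {
    "ws-01": "Google Chrome 105.0.5195.102 ",
    "ws-02": "Google Chrome 105.0.5195.99",   # a string compare would pass this
    "ws-03": "Google Chrome 106.0.5249.61 beta",
    "ws-04": "Google Chrome 104.0.5112.101",
    "ws-05": "command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```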
2022-10-31 15:06:37