Google has recently released an emergency security fix for the zero-day vulnerability CVE-2022-3723 in the Chrome browser. The previous security patch was released on Tuesday (October 25th); this one followed only two days later, on Thursday (October 27th), because the zero-day flaw was under active exploitation by attackers. Vulnerability management software can prevent these attacks.
This is the seventh zero-day fix by Google this year. The flaw is tracked as CVE-2022-3723 and is rated high severity by Google. There are no known PoCs available at the time of publishing this blog. A good vulnerability management tool can solve these issues.
Zero-Day CVE-2022-3723:
The Chrome browser’s V8 engine is the component affected by this vulnerability. V8 is an open-source JavaScript engine developed by the Chromium project for its web browsers. The vulnerability is a type confusion flaw in the V8 engine. A type confusion vulnerability arises when a program allocates a resource, such as an object or a variable, as one type and then accesses it as a different, incompatible type. The mismatch between the type the resource was allocated as and the type it is accessed as leads to this kind of vulnerability. Jan Vojt reported this vulnerability.
In its advisory, Google stressed the severity of this flaw by stating:
“Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild.”
Affected Products by CVE-2022-3723
Google Chrome versions before 107.0.5304.87 for Mac and Linux and 107.0.5304.87/.88 for Windows.
Impact of CVE-2022-3723
The type confusion vulnerability in the V8 engine allows attackers to execute arbitrary code on the affected system or cause a denial of service.
Solution
Google has rolled out security updates addressing the issue in Google Chrome version 107.0.5304.87 for Mac and Linux and 107.0.5304.87/.88 for Windows.
SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Use SanerNow to keep your systems updated and secure. We strongly recommend applying the security updates as soon as possible following the instructions published in our support article.
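To check a fleet against the fixed versions listed under Solution, the following added example (not code from Google or SanerNow) classifies collected Chrome version strings as vulnerable, patched or unknown. The inventory format, hostnames and sample versions are constructed for illustration; the only value taken from this page is the fixed build 107.0.5304.87.

```python
import re

# Fixed build named on this page: 107.0.5304.87 (Mac/Linux) and
# 107.0.5304.87/.88 (Windows), so .87 is the minimum patched build everywhere.
FIXED = (107, 0, 5304, 87)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_chrome_version(text):
    """Extract a four-part Chrome version from free text, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Return 'vulnerable', 'patched' or 'unknown' for one version string."""
    version = parse_chrome_version(version_text)
    if version is None:
        return "unknown"  # never treat unparseable data as patched
    # Tuple comparison is numeric per component; a plain string comparison
    # would rank "99.0.4844.84" above "107.0.5304.87".
    return "vulnerable" if version < FIXED else "patched"


def triage(inventory_lines):
    """Map 'host,platform,version output' lines to {host: status}."""
    result = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",", 2)]
        # A malformed row is reported as unknown rather than silently dropped.
        result[fields[0]] = classify(fields[2]) if len(fields) == 3 else "unknown"
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    "# host,platform,version output",
    "ws-001,windows,Google Chrome 107.0.5304.88",
    "ws-002,windows,Google Chrome 107.0.5304.63",
    "mac-01,mac,Google Chrome 107.0.5304.87",
    "lin-07,linux,Google Chrome 99.0.4844.84",
    "lin-08,linux,Google Chrome 107.0.5304.9",
    "lin-09,linux,command not found",
]
```

Hosts reported as unknown need a manual check, since a missing or unreadable version says nothing about whether the update was applied.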