Google Chrome has issued an urgent fix for an actively exploited zero-day bug in its browser.
This is the seventh Chrome actively exploited zero-day flaw this year, underscoring how big of a target it has become for cyberattacks.
As users scramble to patch, Google isn’t releasing many details about the vulnerability, tracked under CVE-2022-3723, except to note that it’s a type confusion bug in V8, which is Google’s open source high-performance JavaScript and WebAssembly engine. Type confusion bugs are can lead to out-of-bounds memory access and arbitrary code execution, according to MITRE.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said in its urgent update. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
