Quick Hits

Urgent: Google Issues Emergency Patch for Chrome Zero-Day

With scant details attached, Google Chrome seeks to shore up yet another exploited zero-day vulnerability.

Google Chrome has issued an urgent fix for an actively exploited zero-day bug in its browser. 

This is the seventh Chrome actively exploited zero-day flaw this year, underscoring how big of a target it has become for cyberattacks. 

As users scramble to patch, Google isn't releasing many details about the vulnerability, tracked under CVE-2022-3723, except to note that it's a type confusion bug in V8, which is Google's open source high-performance JavaScript and WebAssembly engine. Type confusion bugs are can lead to out-of-bounds memory access and arbitrary code execution, according to MITRE.

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said in its urgent update. "We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed."