Google has released an emergency update for Chrome 107 to address an actively exploited zero-day vulnerability tracked as CVE-2022-3723.
This is the seventh Chrome zero-day fixed by Google this year; below is the full list:
- CVE-2022-3075 (September 2) – Insufficient data validation in the Mojo collection of runtime libraries
- CVE-2022-2856 (August 17) – Insufficient validation of untrusted input in Intents
- CVE-2022-2294 (July 4) – Heap buffer overflow in the Web Real-Time Communications (WebRTC) component
- CVE-2022-0609 (February 14) – Use-after-free issue in the Animation component
Google did not disclose details about the attacks and did not attribute them to a specific threat actor.
At this time, it is unclear whether the attacks exploiting the CVE-2022-3723 flaw are part of the operation detailed by Avast.
Users are advised to upgrade to version 107.0.5304.87 for macOS and Linux and 107.0.5304.87/.88 for Windows to mitigate potential threats.