Google patches type confusion bug in Chrome for which exploit existed

Spread the love

Google has fixed a zero day in Chrome. A type of confusion bug in the Javascript engine already had an exploit, although Google provides few details. It will be the seventh time in 2022 that a zero day will be patched in Chrome.

google mentions the zeroday in a blog post, but the company gives few details about it. It is the only patch to be implemented for now. The fix is ​​in the Stable version of 107.0.5304.87/.88 of Chrome.

Google provides few details about the vulnerability. The company usually waits until the update has been implemented by many users. The bug is classified as High, and has been coded CVE-2022-3723. This is a type of confusion vulnerability in Chrome’s V8 JavaScript engine. In that case, the engine does not properly check what type of object is being loaded. In severe cases, this could allow an attacker to execute code, but the impact is unknown in this case.

Google says an exploit for the bug exists, but the company doesn’t provide any details as usual. It is also not clear whether the bug was actively exploited through that exploit. It will be the seventh time in 2022 that Google will fix a zero day in Chrome. The vulnerability was raised by three outside security researchers, Avast’s Jan Vojtěšek, Milánek and Przemek Gmerek.

You might also like