“Zero-day” is a broad term for security vulnerabilities that hackers can use to attack systems. The term refers to the fact that the vendor or developer has only just learned of the flaw, leaving “zero days” to fix it. A zero-day attack takes place when hackers exploit the flaw before developers or vendors have a chance to address it. Once a vulnerability becomes known, the developers try to patch it to stop the zero-day attack. Zero-day vulnerabilities are treacherous because some advanced cybercriminal groups use them strategically against high-value targets and conglomerates. Even after a patch is developed, users must still update their systems. If they don’t, attackers can continue to take advantage of a zero-day exploit until the system is patched.
A report published by Dark Reading highlights that Google Chrome suffered a series of zero-day threats, causing Google to issue an emergency update to patch an actively exploited zero-day vulnerability. The vulnerability, tracked as CVE-2022-3723, carries a “High” severity rating and has been described as a type confusion flaw in the V8 JavaScript engine used in the web browser. Type confusion arises when a resource (e.g., a variable or an object) is accessed using a type that is incompatible with the one it was originally initialized as. V8 is Google’s open source high-performance JavaScript and WebAssembly engine; a bug in it can trigger logical errors that allow an attacker to read from sections of memory that should be out of bounds, potentially exposing sensitive details. Depending on the specific exploit, this type of flaw could also enable an attacker to run arbitrary code remotely by luring targeted users into visiting a malicious website, essentially tricking Chrome into running malicious code.
This is the seventh zero-day vulnerability patched by Google Chrome so far this year, underscoring the importance of leveraging every trick in the book to keep Chrome/Chromium browsers updated. Google’s urgent security update addresses this single, high-severity issue; such single-issue security updates are rare, and the release within 48 hours across Windows, Mac, Linux, and Android emphasizes the potential impact CVE-2022-3723 could have on Chrome users. It’s typical for Google and other firms to temporarily withhold details about a zero-day security flaw until a majority of users have applied the fix. Otherwise, disclosure just makes it easier for hackers to leverage the exploit and wreak havoc on a wider base of users. Third-party browsers based on Chromium, such as Microsoft Edge, should also be updated. Google recommends that users upgrade to version 107.0.5304.87 for macOS and Linux, 107.0.5304.87 or 107.0.5304.88 for Windows, and 107.0.5304.91 for Android to mitigate potential threats.
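For administrators tracking rollout of this fix, the following added example (not from Google or the original article) checks an inventory of Chrome installs against the fixed builds listed above. The inventory format, hostnames and sample builds are constructed for illustration.

```python
"""Added example: flag Chrome installs older than the fixed builds for CVE-2022-3723."""
import re

# Fixed builds per platform, taken from the article (Windows: .87 or .88, so .87 is the floor).
FIXED_BUILDS = {
    "macos": "107.0.5304.87",
    "linux": "107.0.5304.87",
    "windows": "107.0.5304.87",
    "android": "107.0.5304.91",
}
BUILD_RE = re.compile(r"\d+(?:\.\d+){3}")

def parse_build(text):
    """Return a Chrome build string as a tuple of four ints, or None if malformed."""
    text = text.strip()
    if not BUILD_RE.fullmatch(text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(platform, build):
    """Return 'patched', 'needs-update' or 'unknown' for one install."""
    floor = FIXED_BUILDS.get(platform.strip().lower())
    parsed = parse_build(build)
    if floor is None or parsed is None:
        return "unknown"  # platform not covered by the article, or unreadable build
    # Compare numerically: as strings, "99.0.4844.84" would sort above "107.0.5304.87".
    return "patched" if parsed >= parse_build(floor) else "needs-update"

def audit(inventory):
    """Group hostnames by status; inventory is (host, platform, build) tuples."""
    report = {"patched": [], "needs-update": [], "unknown": []}
    for host, platform, build in inventory:
        report[classify(platform, build)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}

# Constructed sample inventory (hostnames and builds are illustrative, not real data).
SAMPLE_INVENTORY = [
    ("ws-001", "windows", "107.0.5304.88"),
    ("ws-002", "windows", "106.0.5249.119"),
    ("mac-01", "macOS", "107.0.5304.87"),
    ("lin-07", "linux", "99.0.4844.84"),
    ("and-12", "android", "107.0.5304.87"),
    ("kiosk-3", "chromeos", "107.0.5304.87"),
    ("lin-09", "linux", "107.0.5304"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` need manual review rather than being assumed safe. Chromium-based browsers such as Microsoft Edge use their own version numbers, which the article does not list, so they are outside this check.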
If you’re among the more than 3 billion users of Google’s Chrome browser, take a moment to apply the latest patch, including enforced limits on browsers along with refreshing after an update, to be able to scan and remediate threats easily. Google’s security patch plugs a gaping security hole that hackers are known to be actively exploiting in the wild; it is strongly recommended to upgrade the Google Chrome web browser as soon as possible.