Google has released an emergency security update for the Chrome desktop web browser to address a single vulnerability known to be exploited in attacks. The high-severity flaw (CVE-2022-3723) is a type of confusion bug in the Chrome V8 Javascript engine.

Affected systems

Chrome web browser

https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html

Recommended Actions

The National Cyber Security Authority (NCSA) strongly recommends system administrators:

a. Follow the advisory shared by Google and apply suggested mitigations to lower the risk of vulnerability exploitation.

b. Upgrade to version 107.0.5304.87 for macOS and Linux and 107.0.5304.87/.88 for Windows to mitigate potential threats.

For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us on 9009.

References

https://thehackernews.com/2022/10/google-issues-urgent-chrome-update-to.html

https://www.bleepingcomputer.com/news/security/google-fixes-seventh-chrome-zero-day-exploited-in-attacks-this-year/