Security Advisory 2022-075

Release Date:

Type Confusion Vulnerability in Chrome Browser

Download

History:

  • 28/10/2022 --- v1.0 -- Initial publication

Summary

On October 27, 2022, Google released a new version of its Chrome browser fixing a high-severity flaw, identified by CVE-2022-3723 [1]. Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild. It is highly recommended to apply the update.

Technical Details

The CVE-2022-3723 is a type confusion in the V8 engine. Type confusion vulnerabilities arise when a program allocates or initialises a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type [2], potentially allowing an attacker to perform out-of-bound memory access.

Google keeps the access to bug details and links restricted until a majority of users are updated with a fix.

Affected Products

  • Google Chrome for Mac, Windows and Linux before version 107.0.5304.87.

Recommendations

CERT-EU recommends updating to the latest version.

References

[1] https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html

[2] https://cwe.mitre.org/data/definitions/843.html

We got cookies

We only use cookies that are necessary for the technical functioning of our website. Find out more on here.