{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2022-075.pdf"
    },
    "title": "Type Confusion Vulnerability in Chrome Browser",
    "serial_number": "2022-075",
    "publish_date": "28-10-2022 15:30:00",
    "description": "On October 27, 2022, Google released a new version of its Chrome browser fixing a high-severity flaw, identified by \"CVE-2022-3723\". Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild. It is highly recommended to apply the update.",
    "url_title": "2022-075",
    "content_markdown": "---\ntitle: 'Type Confusion Vulnerability in Chrome Browser'\nversion: '1.0'\nnumber: '2022-075'\noriginal_date: 'October 27, 2022'\ndate: 'October 28, 2022'\n---\n\n_History:_\n\n* _28/10/2022 --- v1.0 -- Initial publication_\n  \n# Summary\n\nOn October 27, 2022, Google released a new version of its Chrome browser fixing a high-severity flaw, identified by `CVE-2022-3723` [1]. Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild. It is highly recommended to apply the update.\n\n# Technical Details\n\nThe `CVE-2022-3723` is a type confusion in the V8 engine. Type confusion vulnerabilities arise when a program allocates or initialises a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type [2], potentially allowing an attacker to perform out-of-bound memory access.\n\nGoogle keeps the access to bug details and links restricted until a majority of users are updated with a fix. \n\n# Affected Products\n\n* Google Chrome for Mac, Windows and Linux before version `107.0.5304.87`.\n\n# Recommendations\n\nCERT-EU recommends updating to the latest version.\n\n# References\n\n[1] <https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html>\n\n[2] <https://cwe.mitre.org/data/definitions/843.html>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>28/10/2022 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On October 27, 2022, Google released a new version of its Chrome browser fixing a high-severity flaw, identified by <code>CVE-2022-3723</code> [1]. Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild. It is highly recommended to apply the update.</p><h2 id=\"technical-details\">Technical Details</h2><p>The <code>CVE-2022-3723</code> is a type confusion in the V8 engine. Type confusion vulnerabilities arise when a program allocates or initialises a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type [2], potentially allowing an attacker to perform out-of-bound memory access.</p><p>Google keeps the access to bug details and links restricted until a majority of users are updated with a fix. </p><h2 id=\"affected-products\">Affected Products</h2><ul><li>Google Chrome for Mac, Windows and Linux before version <code>107.0.5304.87</code>.</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU recommends updating to the latest version.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html\">https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://cwe.mitre.org/data/definitions/843.html\">https://cwe.mitre.org/data/definitions/843.html</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}