Google Chrome has issued an urgent fix for an actively exploited zero-day bug in its browser. 

This is the seventh Chrome actively exploited zero-day flaw this year, underscoring how big of a target it has become for cyberattacks. 

As users scramble to patch, Google isn’t releasing many details about the vulnerability, tracked under CVE-2022-3723, except to note that it’s a type confusion bug in V8, which is Google’s open source high-performance JavaScript and WebAssembly engine. Type confusion bugs are can lead to out-of-bounds memory access and arbitrary code execution, according to MITRE.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said in its urgent update. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.” 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Source: www.darkreading.com