Just days after Apple pushed iOS 16.1 with a patch for a critical security flaw, Google has issued an emergency security update for Chrome for Mac that patches its own high-severity flaw.
Google warns that it is aware of reports that an exploit for the flaw, CVE-2022-3723, “exists in the wild.” As per its usual procedure, Google didn’t divulge much information about the exploit, other than reporting it is a “Type Confusion” bug that was reported by Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast on October 25. CVE-2022-3723 is the seventh zero-day vulnerability patched by Google this year.
As Bleeping Computer explains, type confusion vulnerabilities generally occur “when the program allocates a resource, object, or variable using a type and then accesses it using a different, incompatible type, resulting in out-of-bounds memory access.” This could allow an attacker to “read sensitive information of other apps, cause crashes, or execute arbitrary code,” none of which are good.
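The pattern in that definition, as an added C example (not code from Chrome, Google, or the original article): an 8-byte object is accessed through a 24-byte layout, so the field read lands in a neighbouring allocation, and a tag check stops it. The object layout, the arena, and all names are constructed for illustration; a byte arena stands in for the heap so the stray read stays well-defined.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: every object starts with a one-byte type tag. */
enum { T_SMALL = 1, T_LARGE = 2 };
enum { SMALL_SIZE = 8, LARGE_SIZE = 24, VALUE_OFF = 16 };

/* Byte arena standing in for a heap, so the stray read stays well-defined C. */
static uint8_t arena[64];

/* Place a SMALL object at `off` and unrelated neighbour data right behind it. */
static void setup(size_t off, uint32_t neighbour_secret) {
    memset(arena, 0, sizeof arena);
    arena[off] = T_SMALL;
    /* Neighbour data sits at off + VALUE_OFF, past the SMALL object's 8 bytes. */
    memcpy(&arena[off + VALUE_OFF], &neighbour_secret, sizeof neighbour_secret);
}

/* Vulnerable pattern: trusts the caller that `off` holds a LARGE object. */
static uint32_t large_value_unchecked(size_t off) {
    uint32_t v;
    memcpy(&v, &arena[off + VALUE_OFF], sizeof v); /* offset 16 of an 8-byte object */
    return v;
}

/* Hardened pattern: verify bounds and tag before using the LARGE layout. */
static int large_value_checked(size_t off, uint32_t *out) {
    if (off > sizeof arena - LARGE_SIZE) return -1; /* object must fit in the arena */
    if (arena[off] != T_LARGE) return -1;           /* wrong type: refuse the access */
    memcpy(out, &arena[off + VALUE_OFF], sizeof *out);
    return 0;
}

int main(void) {
    uint32_t v = 0;
    setup(0, 0xC0FFEEu);
    printf("unchecked read: 0x%X\n", (unsigned)large_value_unchecked(0));
    printf("checked read:   %s\n",
           large_value_checked(0, &v) == 0 ? "ok" : "rejected");
    return 0;
}
```
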
The 107.0.5304.87 update can be installed by going to Preferences > About Chrome > Check for Update. Then click Relaunch to install the new version.