CVE-2022-3723

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 107.0.5304.87

Description The issue is related to a type confusion in the V8 engine of Google Chrome, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This is described as a high severity issue. The vulnerability was discovered by researchers at Avast and reported to the developer on October 25. It is noted that this is the seventh 0-day vulnerability in Chrome fixed by Google this year, and the second attributed to Avast. There is no information provided about the estimated number of potentially affected devices worldwide or specific details about real-world incidents where this issue was exploited, beyond it being actively exploited.

Recommendations For Google Chrome versions prior to 107.0.5304.87, update to version 107.0.5304.87 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages or modules until the update can be applied.