- Google announced that the stable channel has been updated to 107.0.5304.87 for Mac and Linux and 107.0.5304.87/.88 for Windows.
- Google announced that the vulnerability is a Type Confusion in V8, which is tracked as CVE-2022-3723.
- The vulnerability was reported by Jan Vojtěšek, Milánek, and Przemek Gmerek from Avast on October 25.
Google published an update and urged Chrome users to apply the patch immediately. The update addresses a zero-day vulnerability that is under attack. Currently, the stable channel has been updated to 107.0.5304.87 for Mac and Linux and 107.0.5304.87/.88 for Windows.
Under active exploitation
Google will be rolling out the latest version over the coming days/weeks, and a full list of the changes included in the build is available in the log.
According to the announcement, Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast reported the vulnerability to the tech giant. The bounty has not been decided yet, and bug details and links may be kept restricted until a majority of users are updated with a fix. Google only announced that it is a high-severity vulnerability, tracked as CVE-2022-3723, which is a type confusion in V8.
This is not the first time a type confusion bug in Chrome has been exploited. This year, there were 2 other type confusion bugs in V8 that were exploited.