Zero-day exploits are top of the list when it comes to online security threats and Google Chrome, thanks to its ubiquity, is an extremely common vector for them. Such security holes can expose millions of users who rely on that browser every day. There have been a handful of zero-day exploits identified and patched by the Chrome developer team this year. We can now add another to the list for 2022.

The vulnerability, identified as CVE-2022-3723, was first reported as a type confusion exploit by security research firm Avast on October 25, as BleepingComputer reports.

A type confusion flaw arises when a program accesses a resource using one type and later accesses the same resource using an incompatible type, which confuses the program and can result in out-of-bounds memory access. This particular exploit allows suspicious programs to access parts of the device's memory that would traditionally be out of reach. Attackers can then potentially go through sensitive app data stored within the device. In the past, malicious actors have leveraged this class of vulnerability in programs like PHP, Adobe Flash, and Mozilla Firefox.

The good news here is that Google has patched the vulnerability and that Chrome desktop users can now access the security update posted by the dev team, carrying the version number 107.0.5304.87/88. The company is withholding further details about the issue on its side while the update is being distributed. You can pick up the patch yourself by heading over to Settings and then About Chrome. You will need to relaunch Chrome for the changes to take full effect.

BleepingComputer notes that this is the seventh zero-day exploit patched by Google this year, compared to 58 for the whole of 2021. The last announced patch came in July, when the Chrome dev team patched CVE-2022-2294, which was being used to target journalists in the Middle East, specifically Lebanon, Palestine, Turkey, and Yemen.