A few days after Apple released iOS 16.1 with a patch for a critical vulnerability, Google released an emergency security update for Chrome for Mac that fixes a high-severity vulnerability.
Google warns that it is aware of reports that an exploit for CVE-2022-3723 exists in the wild. As usual, Google hasn't revealed much about the vulnerability, except that it is a "Type Confusion" bug that was reported on October 25 by Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast. CVE-2022-3723 is the seventh zero-day vulnerability patched by Google this year.
As Bleeping Computer describes, type confusion vulnerabilities typically occur when "a program allocates a resource, object, or variable using one type and then accesses it using another incompatible type, resulting in improper memory access." This can allow an attacker to "read sensitive information, cause a crash, or execute arbitrary code in another application," all of which is bad.
