ZinnoX Cybersecurity

What is Zero-day?

An attack is identified as a zero-day when a hacker exploits the flaw before the developer can fix it. The developer therefore loses the chance to deal with it beforehand.

According to securityintelligence.com, the number of zero-day exploits in 2021 grew by more than 100% compared with 2019, meaning that about 40% of all zero-day attacks of the last decade occurred in 2021 alone. The number of zero-days has kept increasing in 2022.

Zero-day faced by Google:

As discussed, one of the most elite companies, Google, faced its 7th zero-day in 2022. Google recently released emergency fixes to contain an actively exploited zero-day flaw in its Chrome web browser.

Jan Vojtesek, Milánek, and Przemek Gmerek of Avast reported the zero-day. It is a type confusion flaw in the V8 JavaScript engine, and the vulnerability is tracked as CVE-2022-3723.

According to nvd.nist.gov, Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild. The advisory did not fully disclose the nature of the attacks.

Weakness of CVE-2022-3723:

The Common Weakness Enumeration classifies this weakness as CWE-843, Access of Resource Using Incompatible Type, also called type confusion. The program allocates or initializes a resource, such as a pointer, object, or variable, using one type, but later accesses that resource using a type that is incompatible with the original one.


Mitigation of CVE-2022-3723:

Affected users can upgrade to the secured version. According to nsfocusglobal.com, the official security version that fixes this vulnerability has been released.

Below are the affected and unaffected versions for this zero-day.

Affected version:

  • Google Chrome for Mac/Linux < 107.0.5304.87
  • Google Chrome for Windows < 107.0.5304.87

Unaffected version:

  • Google Chrome for Mac/Linux >= 107.0.5304.87
  • Google Chrome for Windows >= 107.0.5304.87/.88
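
The version boundary above can be checked across a set of machines with a short script. This is an added example, not part of the original post: the inventory format, hostnames and sample version strings are constructed for illustration, and it assumes each host reports a version string such as the output of `google-chrome --version`.

```python
import re

# Fixed build taken from the lists above: anything below it is affected on
# Mac/Linux and on Windows (Windows fixed builds are .87/.88).
FIXED = (107, 0, 5304, 87)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(text):
    """Return 'affected', 'fixed' or 'unknown' for a reported version string."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank "107.0.5304.9" above "107.0.5304.87".
    return "affected" if v < FIXED else "fixed"

def triage(inventory):
    """Group hostnames by status so unknown hosts are not silently skipped."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for host, reported in inventory:
        result[classify(reported)].append(host)
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("mac-01", "Google Chrome 107.0.5304.62"),
    ("lin-02", "Google Chrome 107.0.5304.87"),
    ("win-03", "107.0.5304.88"),
    ("win-04", "Google Chrome 107.0.5304.9"),
    ("lin-05", "Google Chrome 108.0.5359.71"),
    ("win-06", "not installed"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(status, hosts)
```

Hosts in the `unknown` group need a manual check, since a missing or unparsable version string says nothing about whether the browser is patched.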

 

Posted on: October 23rd 2022