Google patches seventh zero-day exploit in Chrome in 2022

Posted:
in General Discussion edited October 2022
A critical Google Chrome update for the Mac and Windows desktop browsers is available that addresses an actively exploited vulnerability.

Google Chrome is an alternative browser to Safari
Google Chrome is an alternative browser to Safari


Chrome users should update to version 107.0.5304.87 for Mac and version 107.0.5304.87/.88 for Windows as soon as possible to patch against a known active exploit. To update Chrome on Mac:

  1. Launch the Chrome browser

  2. Click on the icon for More -- three vertical dots - at top right

  3. Choose Help

  4. Click on About Google Chrome

  5. If it appears, click on Update Google Chrome

Note that if you have already updated to the latest available version then there won't be an Update Google Chrome button.

This latest patch follows reports suggesting Google Chrome is the most vulnerable browser in 2022.

According to a report from Bleeping Computer, this is Chrome's seventh zero-day vulnerability fix since the start of the year. It patches a bug associated with CVE-2022-3723, which is described as a type confusion bug in the Chrome V8 Javascript engine.

Google didn't provide much information about the bug or how it was exploited for security reasons. Users should update their Chrome browser to ensure they are protected from the latest vulnerabilities.

This update follows an update released on September 2, which also addressed a zero-day vulnerability. It isn't clear how widespread active exploits are, but users should update regardless.

Read on AppleInsider

Comments

  • Reply 1 of 12
    magman1979magman1979 Posts: 1,292member
    Easier solution, grab the icon for this steaming pile of shit drag it to your trash bin.

    Problem solved!
    edited October 2022 lkruppbaconstangappleinsiderusermacxpressAlex_Vwatto_cobra
  • Reply 2 of 12
    lkrupplkrupp Posts: 10,557member
    Easier solution, grab the icon for this steaming pile of shit drag it to your trash bin.

    Problem solved!
    But it’s the world’s most popular browser. So much for the public caring about privacy and security. They don’t.
    watto_cobra
  • Reply 3 of 12
    baconstangbaconstang Posts: 1,103member
    I don't even have chrome on my bumpers!
    Alex_Vwatto_cobra
  • Reply 4 of 12
    macxpressmacxpress Posts: 5,801member
    Chrome in itself is a zero day exploit....
    Alex_Vbaconstangwatto_cobra
  • Reply 5 of 12
    Alex_VAlex_V Posts: 212member
    lkrupp said:
    Easier solution, grab the icon for this steaming pile of shit drag it to your trash bin.

    Problem solved!
    But it’s the world’s most popular browser. So much for the public caring about privacy and security. They don’t.
    I think that the general public don’t really understand what is happening, nor what is at stake. I’ve never read, in the popular press, nor have I seen in the media, a comprehensive account of the data that advertising companies like Google collect, and what they do with our information to profile us etc.. Explaining how Google makes these services available for free and how, for instance, the entire Android business model is constructed upon that foundation would be a great public service. I think that I once people become aware of that, it’ll be a different story. 
    watto_cobra
  • Reply 6 of 12
    chasmchasm Posts: 3,273member
    Alex_V said:
    I’ve never read, in the popular press, nor have I seen in the media, a comprehensive account of the data that advertising companies like Google collect, and what they do with our information to profile us etc. 
    contrachrome.com

    Written and illustrated by the guy Google once hired to explain to their own employees what Chrome was.
    edited November 2022 Alex_Vbaconstangwatto_cobra
  • Reply 7 of 12
    genovellegenovelle Posts: 1,480member
    lkrupp said:
    Easier solution, grab the icon for this steaming pile of shit drag it to your trash bin.

    Problem solved!
    But it’s the world’s most popular browser. So much for the public caring about privacy and security. They don’t.
    They would care if the had any idea. Google owns search and most news organizations depend on google for online ads income. Consumers will never have a clue. Google has wooed the IT departments of many companies into fully supporting only Chrome. So, 1 they have no choice and then they have no idea how horrible it is. 
    watto_cobra
  • Reply 8 of 12
    genovellegenovelle Posts: 1,480member
    Notice how tempered this article is. 7 zero-day exploits in one year. Never heard about the others. This would be front page news if it were apple.  
    watto_cobra
  • Reply 9 of 12
    danvmdanvm Posts: 1,400member
    genovelle said:
    lkrupp said:
    Easier solution, grab the icon for this steaming pile of shit drag it to your trash bin.

    Problem solved!
    But it’s the world’s most popular browser. So much for the public caring about privacy and security. They don’t.
    They would care if the had any idea. Google owns search and most news organizations depend on google for online ads income. Consumers will never have a clue. Google has wooed the IT departments of many companies into fully supporting only Chrome. So, 1 they have no choice and then they have no idea how horrible it is. 
    Looks like Apple doesn't care either, considering the deal they have of making Google Search the default engine in Apple devices.  So maybe Google is not as bad as you think, or Apple doesn't care and choose to do business with them and share their customers with a company that had privacy issues.
    muthuk_vanalingam
  • Reply 10 of 12
    genovellegenovelle Posts: 1,480member
    danvm said:
    genovelle said:
    lkrupp said:
    Easier solution, grab the icon for this steaming pile of shit drag it to your trash bin.

    Problem solved!
    But it’s the world’s most popular browser. So much for the public caring about privacy and security. They don’t.
    They would care if the had any idea. Google owns search and most news organizations depend on google for online ads income. Consumers will never have a clue. Google has wooed the IT departments of many companies into fully supporting only Chrome. So, 1 they have no choice and then they have no idea how horrible it is. 
    Looks like Apple doesn't care either, considering the deal they have of making Google Search the default engine in Apple devices.  So maybe Google is not as bad as you think, or Apple doesn't care and choose to do business with them and share their customers with a company that had privacy issues.
    danvm said:
    genovelle said:
    lkrupp said:
    Easier solution, grab the icon for this steaming pile of shit drag it to your trash bin.

    Problem solved!
    But it’s the world’s most popular browser. So much for the public caring about privacy and security. They don’t.
    They would care if the had any idea. Google owns search and most news organizations depend on google for online ads income. Consumers will never have a clue. Google has wooed the IT departments of many companies into fully supporting only Chrome. So, 1 they have no choice and then they have no idea how horrible it is. 
    Looks like Apple doesn't care either, considering the deal they have of making Google Search the default engine in Apple devices.  So maybe Google is not as bad as you think, or Apple doesn't care and choose to do business with them and share their customers with a company that had privacy issues.
    I guess it depends on the perception. Google is the default because consumers prefer it and it was a part of the original iPhone. It hasn’t been the default on my iphone, iPads,  or Macs in years. I use DuckDuckGo as my default which Apple transfers with each upgrade. Privacy as the default is less of a concern when Apple owns the access via Private APIs. Records from previous cases revealed that Google has never been satisfied with the limited data Apple released to them. It’s one of the reasons Google was willing to screw Apple with Maps on the IPhone by withholding features like turn by turn navigation. So Apple is likely protecting consumers from Google abuses and they have no idea. If Apple made a less popular browser the default, consumers would access it via a browser allowing Google far more access to data and the opportunity to attempt to circumvent the mechanisms in in place to prevent tracking like they have been found and fined for doing more than once. 

    Channeling those searches through Apple allows them to manage the privacy and security 
    watto_cobra
  • Reply 11 of 12
    danvmdanvm Posts: 1,400member
    genovelle said:
    danvm said:
    genovelle said:
    lkrupp said:
    Easier solution, grab the icon for this steaming pile of shit drag it to your trash bin.

    Problem solved!
    But it’s the world’s most popular browser. So much for the public caring about privacy and security. They don’t.
    They would care if the had any idea. Google owns search and most news organizations depend on google for online ads income. Consumers will never have a clue. Google has wooed the IT departments of many companies into fully supporting only Chrome. So, 1 they have no choice and then they have no idea how horrible it is. 
    Looks like Apple doesn't care either, considering the deal they have of making Google Search the default engine in Apple devices.  So maybe Google is not as bad as you think, or Apple doesn't care and choose to do business with them and share their customers with a company that had privacy issues.
    danvm said:
    genovelle said:
    lkrupp said:
    Easier solution, grab the icon for this steaming pile of shit drag it to your trash bin.

    Problem solved!
    But it’s the world’s most popular browser. So much for the public caring about privacy and security. They don’t.
    They would care if the had any idea. Google owns search and most news organizations depend on google for online ads income. Consumers will never have a clue. Google has wooed the IT departments of many companies into fully supporting only Chrome. So, 1 they have no choice and then they have no idea how horrible it is. 
    Looks like Apple doesn't care either, considering the deal they have of making Google Search the default engine in Apple devices.  So maybe Google is not as bad as you think, or Apple doesn't care and choose to do business with them and share their customers with a company that had privacy issues.
    I guess it depends on the perception. Google is the default because consumers prefer it and it was a part of the original iPhone. It hasn’t been the default on my iphone, iPads,  or Macs in years. I use DuckDuckGo as my default which Apple transfers with each upgrade. Privacy as the default is less of a concern when Apple owns the access via Private APIs. Records from previous cases revealed that Google has never been satisfied with the limited data Apple released to them. It’s one of the reasons Google was willing to screw Apple with Maps on the IPhone by withholding features like turn by turn navigation. So Apple is likely protecting consumers from Google abuses and they have no idea. If Apple made a less popular browser the default, consumers would access it via a browser allowing Google far more access to data and the opportunity to attempt to circumvent the mechanisms in in place to prevent tracking like they have been found and fined for doing more than once. 
    Yes, Google Search is the default because customer prefer it, and I think is the best search engine.  But customers also prefer Google Maps, and Apple doesn't have it by default anymore, even though they added turn-by-turn directions years ago.  It's obvious that Google Search is the default because of the billions Apple get from Google every year.  And Apple agreed to that, even though they know about Google privacy issues.  IMO, this contradicts Apple privacy stance.  From a privacy POV, they should develop their own search engine or support smaller ones like DDG.  But right now, they are giving a confusing message by doing business with Google for their search engine and at the same time pushing a privacy message.  
    Channeling those searches through Apple allows them to manage the privacy and security 
    Is interesting that in an interview a few years ago, Tim Cook said that, even though of the security and privacy mechanisms, "it's not a perfect thing". 
    Tim Cook defends Google search deal despite Apple’s privacy focus - The Verge
    Maybe that small imperfection is enough for Google to invest billions every year.  It's obvious that Google is getting something from this deal.  Maybe you did the right thing by changing your default engine to DDG, and Apple should do the same.  Or maybe Apple is right, and Google is trustworthy, and the negatives comments here are wrong.  Who knows...
    edited November 2022 muthuk_vanalingam
  • Reply 12 of 12
    dewmedewme Posts: 5,332member
    Most if not all of the comments here have very little to do with the point of this article. This article is all about the discovery and disclosure of another zero day vulnerability in Google Chrome. This is directly related to how Chrome is implemented and the presence of latent defects that affect the security and integrity of the code itself, not what Google is doing with the code. This is a code quality issue.

    This has nothing to do with what Google is doing to protect the browser and you from security and privacy threats assuming the code is working as Google intended and where Google is unaware that these vulnerabilities are present. What Google does with its code is a different class of security and privacy concern because those reflect Google’s intentions. Nobody (other than bad actors, or good actors depending on which side you’re on) ever intends to put a security or privacy vulnerability/bug into their code. These are not intentional. These are defects that directly override the best intentions of the software developers and question the quality of the software testing process. 

    Okay, Google and Chrome are mentioned here, which I suppose opens up the floodgates of criticism around anything Google does, intentional or otherwise. But it seems like the primary knock on Google here should be to question the quality of their software, not question their search or navigation algorithms. Even then, questioning software quality based on the numbered of identified zero day vulnerabilities needs to be a nuanced discussion. It’s not always the case that finding more bugs/vulnerabilities means there are more bugs/vulnerabilities to be found. You also need to look at who is finding these vulnerabilities, how many eyes are probing for vulnerabilities, how widely the software in question is being used, and whether it’s a closed source or open source code base. 
    muthuk_vanalingamwatto_cobra
Sign In or Register to comment.