Google Chrome issues urgent zero-day fix – update now!

Google pushed out a bunch of security fixes for the Chrome and Chromium browser code earlier this week, after receiving a vulnerability report from researchers.

Google’s response was to push out another update as soon as it could: a one-bug fix dealing with CVE-2022-3723, described with Google’s customary we-can-neither-confirm-nor-deny legalism saying:

Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild.

(Apple also regularly uses a similarly disengaged flavour of OMG-everybody-there’s-an-0-day notification, using words to the effect that it “is aware of a report that [an] issue may have been actively exploited”.)

This Chrome update means that you’re now looking for a version number of 107.0.5304.87 or later.

Confusingly, that’s the version number to expect on Mac or Linux, while Windows users may get 107.0.5304.87 or 107.0.5304.88, and, no, we don’t know why there are two different numbers there.
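
If you look after more than one computer, the version check above can be automated. The following is an added example, not part of the original article: it compares reported version strings against the 107.0.5304.87 minimum part by part as numbers, because a plain text comparison would wrongly rank a build ending in .9 above one ending in .87. The host names and inventory lines are constructed sample data, and the input format assumes text like the output of `google-chrome --version`.

```python
import re

# Minimum patched build given in the article for CVE-2022-3723.
PATCHED = (107, 0, 5304, 87)

# Chrome and Chromium report a four-part dotted version number.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Pull the first four-part version out of free text.

    Returns a tuple of ints, or None if no version is present.
    """
    m = _VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def is_patched(text, minimum=PATCHED):
    """True if at or above the minimum, False if older, None if unparseable."""
    version = parse_version(text)
    if version is None:
        return None
    # Tuples of ints compare numerically, field by field.
    return version >= minimum


def audit(inventory):
    """Map each host in (host, version_text) pairs to a status string."""
    labels = {True: "patched", False: "VULNERABLE", None: "unknown"}
    return {host: labels[is_patched(raw)] for host, raw in inventory}


# Constructed sample inventory (hypothetical hosts and collected output).
SAMPLE = [
    ("mac-01", "Google Chrome 107.0.5304.87"),
    ("win-02", "Google Chrome 107.0.5304.88"),
    ("lin-03", "Chromium 107.0.5304.68 snap"),
    ("win-04", "Google Chrome 106.0.5249.119"),
    ("lin-05", "Google Chrome 107.0.5304.9"),  # text compare would rank this above .87
    ("mac-06", "Google Chrome 108.0.5359.71"),
    ("lin-07", "google-chrome: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual look rather than being assumed safe.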

For what it’s worth, the cause of this security hole was described as “type confusion in V8”, which is jargon for “there was an exploitable bug in the JavaScript engine that could be triggered by untrusted code and untrusted data that came in apparently innocently from outside”.

Loosely speaking, that means it’s almost certain that merely visiting and viewing a booby-trapped website – something that’s not supposed to lead you into harm’s way on its own – could be enough to launch rogue code and implant malware on your device, without any popups or other download warnings.
