For those that use Google Chrome on Mac, you may want to update your browser to the latest version due to an exploit forcing an emergency security update.
Google has sent out an emergency security update for Chrome, which patches an exploit that “exists in the wild”.
Security Update to Google Chrome Fixes Type Confusion Bug
As observed by MacWorld, Google is warning users that the company is currently aware of various reports regarding an exploit for CVE-2022-3723 that “exists in the wild”.
The new update provides a fix for this exploit, which Google describes as a “Type Confusion” bug. According to Google, Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast made a report of the bug at the end of October. MacWorld also notes that this is the seventh zero-day vulnerability Google has had to patch this year.
Additionally, Google is skimping on the details concerning this vulnerability. At least, the company is keeping details scant until a “majority of users are updated with a fix”. Google also stated that restrictions will remain in place if the bug is found to exist “in a third party library that other projects similarly depend on, but haven’t fixed yet”.
According to the report, Bleeping Computer stated a Type Confusion vulnerability can occur “when the program allocates a resource, object, or variable using a type and then accesses it using a different, incompatible type”. According to the source, this results in out-of-bounds memory access, which allows attackers to be able to access sensitive information across other apps, spur crashes or even “execute arbitrary code”. You can sort of think of it like someone using a phony ticket to get into a concert and then causing havoc.
For Mac users running Google Chrome, the new update can be found in Chrome > Preferences > About Chrome > Check for Update. User then click on “Relaunch Chrome” to allow the update to finish.
Further Provocations
This news arrives alongside another report that a bug found in macOS Ventura revokes the Full Disk Access provided to a user’s Malware-busting software. Those on the current version of Ventura should reenable Full Disk Access for their Malware software, and Jeff Butts has provided a handy guide on how to accomplish this.
Of course, always do your best to keep your software as up-to-date as possible.
You can read Google’s official report here.
Have you updated Google Chrome on your Mac? Let us know in the comments.