{"id":1731532,"date":"2022-10-29T11:08:55","date_gmt":"2022-10-29T15:08:55","guid":{"rendered":"https:\/\/wordpress-1016567-4521551.cloudwaysapps.com\/?post_type=station&#038;p=1731532"},"modified":"2022-10-29T18:38:23","modified_gmt":"2022-10-29T22:38:23","slug":"chrome-issues-urgent-zero-day-fix-update-now","status":"publish","type":"station","link":"https:\/\/platodata.io\/plato-data\/chrome-issues-urgent-zero-day-fix-update-now\/","title":{"rendered":"Chrome issues urgent zero-day fix \u2013 update now!"},"content":{"rendered":"<div><\/div>\n<div class=\"entry-prefix\">\n<div class=\"entry-author\">\n<p>\t\t\t\t\t<span class=\"by\">by<\/span><br \/>\n\t\t\t<a href=\"https:\/\/nakedsecurity.sophos.com\/author\/paul-ducklin\/\" title=\"Posts by Paul Ducklin\" class=\"author url fn\" rel=\"author\">Paul Ducklin<\/a>\t\t<\/p><\/div><\/div>\n<p>Google pushed out a bunch of security fixes for the Chrome and Chromium browser code earlier this week\u2026<\/p>\n<p>\u2026only to receive a vulnerability report from researchers at cybersecurity company Avast on the very same day.<\/p>\n<p>Google\u2019s response was to push out <a href=\"https:\/\/chromereleases.googleblog.com\/2022\/10\/stable-channel-update-for-desktop_27.html\" rel=\"nofollow\">another update<\/a> as soon as it could: a one-bug fix dealing with <strong>CVE-2022-3723,<\/strong> described with Google\u2019s customary we-can-neither-confirm-nor-deny legalism saying:<\/p>\n<blockquote>\n<p>Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild.<\/p>\n<\/blockquote>\n<p>(Apple also regularly uses a similarly disengaged flavour of OMG-everybody-there\u2019s-an-0-day notification, using words to the effect that it \u201cis aware of a report that [an] issue may have been actively exploited\u201d.)<\/p>\n<p>This Chrome update means that you\u2019re now looking for a version number of <strong>107.0.5304.87<\/strong> or later. <\/p>\n<p>Confusingly, that\u2019s the version number to expect on Mac or Linux, while Windows users may get <strong>107.0.5304.87<\/strong> or <strong>107.0.5304.88<\/strong>, and, no, we don\u2019t know why there are two different numbers there.<\/p>\n<p>For what it\u2019s worth, the cause of this security hole was described as <em>\u201ctype confusion in V8\u201d<\/em>, which is jargon for \u201cthere was an exploitable bug in the JavaScript engine that could be triggered by untrusted code and untrusted data that came in apparently innocently from outside\u201d.<\/p>\n<p>Loosely speaking, that means it\u2019s almost certain that merely visiting and viewing a booby-trapped website\u00a0\u2013 something that\u2019s not supposed to lead you into harm\u2019s way on its own\u00a0\u2013 could be enough to launch rogue code and implant malware on your device, without any popups or other download warnings.<\/p>\n<p>That\u2019s what\u2019s known in cybercrime slang as a <em>drive-by install<\/em>.<\/p>\n<aside id=\"sophos_ad-3\" class=\"widget sophos-inline-ad sophos_widget_ad\">\t\t\t\t.s-button+.s-button { margin-left: .3125rem; } .s-button { transition: all .15s linear; font-size: .875rem; line-height: 1.5; color: #f2f2f2; font-family: SophosSansMedium, Helvetica Neue, Helvetica, Arial, sans-serif; font-weight: 400; font-style: normal; display: inline-block; padding: .3125rem 1.25rem; cursor: pointer; text-align: center; text-decoration: none; border: 1px solid #005bc8; border-radius: 3px; background-color: #005bc8; text-shadow: none; } .s-button:hover { text-decoration: none; color: #fff; border-color: #002d62; background-color: #002d62; } .s-button&#8211;white, .s-button&#8211;white:hover { color: #005bc8 !important; border-color: #fff; background-color: #fff; } .s-ad-sophos-mdr { font-size: 1rem; line-height: 1.5; color: #242629; font-family: SophosSansRegular, Helvetica Neue, Helvetica, Arial, sans-serif; font-weight: 400; font-style: normal; position: relative; max-width: 769px; margin: 15px auto; padding: 30px 30px 25px; transition: box-shadow .25s cubic-bezier( .645, .045, .355, 1 ); text-align: center; background-color: #0d141d; background-repeat: no-repeat; background-position: 50%; background-size: cover; box-shadow: 0 0 0 0 0 transparent; background-color: #005bc8; background-image: none; background-position: 0 0; } .s-ad-sophos-mdr__title { font-size: 2rem; line-height: 1.125; margin-bottom: 4px; color: #fff; } .s-ad-sophos-mdr__text { font-family: SophosSansLight, Helvetica Neue, Helvetica, Arial, sans-serif; font-weight: 400; font-style: normal; font-size: 17px; color: #fff; } .s-ad-sophos-mdr__action { margin-top: 15px; } .s-ad-sophos-mdr__action .s-button { color: #fff; } .s-ad-sophos-mdr__link-wrapper { text-decoration: none; } .s-ad-sophos-mdr__link-wrapper:hover .s-ad-sophos-mdr { box-shadow: 0 5px 10px 0 rgba( 0, 0, 0, .15 ); } .s-ad-sophos-mdr__sophos-logo { position: absolute; top: 15px; right: 15px; } .s-ad-sophos-mdr__sophos-logo-svg { display: inline-block; width: 64px; height: 11px; vertical-align: top; background-repeat: no-repeat; background-size: 64px 11px; } .s-ad-sophos-mdr__title { font-family: SophosSansSemibold, Helvetica Neue, Helvetica, Arial, sans-serif; font-weight: 400; font-style: normal; font-size: 28px; font-weight: 700; line-height: 1; margin-bottom: 10px; text-align: left; } .s-ad-sophos-mdr__title svg { max-width: 100%; } .s-ad-sophos-mdr__text { font-size: 16px; line-height: 1.25; text-align: left; } .s-ad-sophos-mdr__action { text-align: right; } .s-ad-sophos-mdr .s-button { border-radius: 20px; } @media (min-width:769px) { .s-ad-sophos-mdr__text { margin-right: 140px; } .s-ad-sophos-mdr__action { position: absolute; right: 30px; bottom: 30px; } } @media (max-width:768px) { .s-ad-sophos-mdr { padding-top: 50px; } .s-ad-sophos-mdr__title { font-size: 1.625rem; } .s-ad-sophos-mdr__text { font-size: 16px; } .s-ad-sophos-mdr { padding-top: 30px; } }<\/p>\n<\/aside>\n<h2>\u201cAware of reports\u201d<\/h2>\n<p>We\u2019re guessing, given that a cybersecurity company reported this vulnerability, and given the almost immediate publication of a one-bug update, that the flaw was uncovered in the course of an active investigation into an intrusion on a customer\u2019s computer or network.<\/p>\n<p>After an unexpected or unusual break-in, where obvious entry paths simply don\u2019t show up in the logs, threat hunters typically turn to the gritty details of the detection-and-response logs at their disposal, attempting to piece together the system-level specifics of what happened.<\/p>\n<p>Given that browser remote code execution (RCE) exploits often involve running untrusted code that came from an untrusted source in an unexpected way, and launched a new thread of execution that wouldn\u2019t normally show up in the logs\u2026<\/p>\n<p>\u2026access to sufficiently detailed forensic \u201cthreat response\u201d data may not only reveal how the criminals got in, but also exactly where and how in the system they were able to bypass the security protections that would normally be in place.<\/p>\n<p>Simply put, working backwards in an environment in which you can replay an attack over and over, and watch how it unfolds, will often reveal the location, if not the exact working, of an exploitable vulnerability.<\/p>\n<p>And, as you can imagine, safely removing a needle from a haystack is much, much easier if you have a map of all pointy metal objects in the haystack to start with.<\/p>\n<p>In short, what we mean is that when Google says \u201cit is aware of reports\u201d of an attack launched by exploiting Chrome in real life, we\u2019re ready to assume that you can translate this into \u201cthe bug is real, and it really can be exploited, but because we didn\u2019t actually investigate the hacked system in real life ourselves, we\u2019re still on safe ground if we don\u2019t come straight out and say, \u2018Hey, everyone, it\u2019s an 0-day\u2019.\u201d<\/p>\n<p>The good news about bug disoveries of this sort is that they probably unfolded this way because the attackers wanted to keep both the vulnerability and the tricks needed to exploit it secret, knowing that bragging about the technique or using it too widely would hasten its discovery and thus shorten its value in targeted attacks.<\/p>\n<p>Today\u2019s browser RCE exploits can be fiendishly complex to discover and expensive to acquire, considering how much effort organisations like Mozilla, Microsoft, Apple and Google put into hardening their browsers against unwanted code execution tricks.<\/p>\n<p>In other words, Google\u2019s fast patching time, and the fact that most users will receive the update quickly and automatically (or at least semi-automatically), means that the rest of us can now not only catch up with the crooks, but get back ahead of them.<\/p>\n<h2>What to do?<\/h2>\n<p>Even though Chrome will probably update itself, we always recommend checking anyway.<\/p>\n<p>As mentioned above, you\u2019re looking for <strong>107.0.5304.87<\/strong> (Mac and Linux), or one  of <strong>107.0.5304.87<\/strong> and <strong>107.0.5304.88<\/strong> (Windows).<\/p>\n<p>Use <em>More<\/em> &gt; <em>Help<\/em> &gt; <em>About Google Chrome<\/em> &gt; <em>Update Google Chrome<\/em>.<\/p>\n<p>The open-source Chromium flavour of the browser, at least on Linux, is also currently at version <strong>107.0.5304.87<\/strong>.<\/p>\n<p>(If you use Chromium on Linux or one of the BSDs, you may need to check back with your distro maker to get the latest version.)<\/p>\n<p>We\u2019re not sure whether the Android version of Chrome is affected, and if so what version number to look out for.<\/p>\n<p>You can watch for any forthcoming update announcements for Android on Google\u2019s <a href=\"https:\/\/chromereleases.googleblog.com\/\" rel=\"nofollow\">Chrome Releases<\/a> blog.<\/p>\n<p>We\u2019re assuming that Chrome-based browsers on iOS and iPadOS aren\u2019t affected, because all Apple App Store browsers are compelled to use Apple\u2019s WebKit browsing subsystem, which doesn\u2019t use Google\u2019s V8 JavaScript engine.<\/p>\n<p>Interestingly, at the time of writing [2022-10-29T14:00:00Z], Microsoft\u2019s release notes for Edge described an update dated 2022-10-27 (two days after this bug was reported by the researchers), but didn\u2019t list CVE-2022-3723 as one of the security fixes in that build, which was numbered <strong>107.0.1418.24<\/strong>.<\/p>\n<p>We\u2019re therefore assuming that looking for any Edge version greater than this will indicate that Microsoft has published an update against this hole.<\/p>\n<p>You can keep your eye on Edge patches via Microsoft\u2019s <a href=\"https:\/\/learn.microsoft.com\/en-us\/DeployEdge\/microsoft-edge-relnotes-security\" rel=\"nofollow\">Edge Security Updates<\/a> page.<\/p>\n<hr \/>\n","protected":false},"author":1,"featured_media":1626948,"template":"","meta":{"_eb_attr":"","type":"","auto_type":false,"post":"","stream":"","stream_url":"","waveform_data":[],"duration":0,"start":0,"end":0,"bpm":0,"downloadable":false,"download_url":"","purchase_title":"","purchase_url":"","post-count-all":0,"like_count":0,"download_count":0,"editor_note":"","copyright":"","captions":[],"sources":[]},"genre":[10650],"station_tag":[17539,3884,5154,6539,14557,15679,15663,35263,7027,6174,4897,15662,5133,5404,3728,15665,3647,17436,6535,5026,6464,15664,9242,7457,14558,8453,15312,9642,14556,5367,5796,15675,14555,17542],"artist":[15727],"mood":[],"activity":[],"_links":{"self":[{"href":"https:\/\/platodata.io\/wp-json\/wp\/v2\/station\/1731532"}],"collection":[{"href":"https:\/\/platodata.io\/wp-json\/wp\/v2\/station"}],"about":[{"href":"https:\/\/platodata.io\/wp-json\/wp\/v2\/types\/station"}],"author":[{"embeddable":true,"href":"https:\/\/platodata.io\/wp-json\/wp\/v2\/users\/1"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/platodata.io\/wp-json\/wp\/v2\/media\/1626948"}],"wp:attachment":[{"href":"https:\/\/platodata.io\/wp-json\/wp\/v2\/media?parent=1731532"}],"wp:term":[{"taxonomy":"genre","embeddable":true,"href":"https:\/\/platodata.io\/wp-json\/wp\/v2\/genre?post=1731532"},{"taxonomy":"station_tag","embeddable":true,"href":"https:\/\/platodata.io\/wp-json\/wp\/v2\/station_tag?post=1731532"},{"taxonomy":"artist","embeddable":true,"href":"https:\/\/platodata.io\/wp-json\/wp\/v2\/artist?post=1731532"},{"taxonomy":"mood","embeddable":true,"href":"https:\/\/platodata.io\/wp-json\/wp\/v2\/mood?post=1731532"},{"taxonomy":"activity","embeddable":true,"href":"https:\/\/platodata.io\/wp-json\/wp\/v2\/activity?post=1731532"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}