Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild.

(Apple also regularly uses a similarly disengaged flavour of OMG-everybody-there’s-an-0-day notification, using words to the effect that it “is aware of a report that [an] issue may have been actively exploited”.)

This Chrome update means that you’re now looking for a version number of 107.0.5304.87 or later.

Confusingly, that’s the version number to expect on Mac or Linux, while Windows users may get 107.0.5304.87 or 107.0.5304.88, and, no, we don’t know why there are two different numbers there.

For what it’s worth, the cause of this security hole was described as “type confusion in V8”, which is jargon for “there was an exploitable bug in the JavaScript engine that could be triggered by untrusted code and untrusted data that came in apparently innocently from outside”.

Loosely speaking, that means it’s almost certain that merely visiting and viewing a booby-trapped website – something that’s not supposed to lead you into harm’s way on its own – could be enough to launch rogue code and implant malware on your device, without any popups or other download warnings.

That’s what’s known in cybercrime slang as a drive-by install.
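
The "107.0.5304.87 or later" check mentioned above, applied across a set of machines, as an added example that is not part of the original article. The hostnames and reported strings are constructed sample data, and the comparison is numeric per field because a plain string comparison would rank 107.0.5304.110 below 107.0.5304.87.

```python
import re

# Patched build named in the article; Windows may also report 107.0.5304.88.
PATCHED = (107, 0, 5304, 87)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from text such as the output of
    `google-chrome --version`; return a tuple of ints, or None if absent."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(text, minimum=PATCHED):
    """True if at or above the patched build, False if older,
    None if no version could be parsed (treat as needing a manual look)."""
    v = parse_version(text)
    if v is None:
        return None
    return v >= minimum  # tuple comparison is numeric, field by field


def audit(inventory):
    """Return (outdated_hosts, unknown_hosts), each sorted by hostname."""
    outdated, unknown = [], []
    for host, reported in inventory.items():
        status = is_patched(reported)
        if status is None:
            unknown.append(host)
        elif not status:
            outdated.append(host)
    return sorted(outdated), sorted(unknown)


# Constructed sample inventory: hostnames and strings are made up.
SAMPLE = {
    "mac-01": "Google Chrome 107.0.5304.87",
    "win-02": "Google Chrome 107.0.5304.88",
    "lin-03": "Google Chrome 107.0.5304.68 ",
    "win-04": "Google Chrome 106.0.5249.119",
    "lin-05": "Google Chrome 107.0.5304.110",
    "mac-06": "chrome: command not found",
}

if __name__ == "__main__":
    outdated, unknown = audit(SAMPLE)
    print("needs update:", outdated)
    print("could not determine:", unknown)
```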