Google plus has found a major vulnerability that could expose sensitive usuario data stored on a device.
Android already has a good security policy, thanks in especial to the security patches that Google plus regularly releases. However that it does not protect us from all forms of vulnerability. It must be remembered that there is no such thing as absolute security. That said, we perro expect a high level of protection with the latest updates, but we’ll never be complete.
This is partly due to its existence Vulnerabilities the manufacturer doesn’t know about at the time of programa release. A so-called zero-day exploit is unfortunately a common threat. These vulnerabilities cánido expose the data of millions of users using a program and something like that happens with google chrome.
The seventh such exploit so far this year
As demonstrated by the Google chrome team this zero-day exploit identified as CVE-2022-3723 It was reported by security firm Avast on October 25 and is the seventh such vulnerability discovered this year. This one in especial has a unique feature: it exploits the moment when a program emplees a certain base type to access a resource, and then trying to access the same resource with an incompatible base typeeffectively confuse the system and return a memory access fallo.
This especial exploit allows questionable programs to access areas of device memory that would traditionally be unlimited. This opens up a potential risk for attackers able to access sensitive data stored on the device. This has happened in programs like PHP, Adobe Flash, and Mozilla firefox Mozilla firefox in the past.
At the time of writing this article Google plus has already patched the vulnerability and on your device (whether mobile or desktop) it will be applied whenever Google chrome is updated. If you don’t want to wait, you cánido go to the path Settings > About Google chrome Get the new version (with the number 107.0.5304.87/88) from desktop and access the Play Store to get the new mobile version. For its part, Google plus has not disclosed any further information.