Google stated, “Google is aware of reports that a CVE-2022-3723 exploit exists in the wild. The internet behemoth was alerted to the zero-day vulnerability on October 25 by cybersecurity company Avast. As reported by Avast, this is the second of seven Chrome zero-day vulnerabilities that Google has patched this year. Google patched CVE-2022-2294, the previously exploited vulnerability discovered by Avast, in early July with a Chrome 103 update.
Avast disclosed a few weeks later that it had connected an Israeli spyware company named Candiru to the use of the security flaw.