Google advised its users to immediately install a security update on their Chrome browser to protect themselves from a serious bug that will be actively exploited by hackers.
The tech giant said it is aware of reports that an exploit for “CVE-2022-3075” exists in the wild, citing the vulnerability as “insufficient data validation in Mojo” reported by an anonymous security researcher.
The company said it has released a security patch for Google Chrome users on Windows, Mac and Linux operating systems that will roll out in the coming days/weeks.
“Access to bug details and links may be restricted until most users are updated with a fix,” Google said in a security update.
“We will also maintain the restriction if the bug exists in a third-party library that other projects similarly depend on, but which has not yet been fixed,” he added.
This is the sixth zero-day vulnerability that Chrome has faced so far this year.
Chrome users now need to restart the browser to activate the latest security update.
This latest update comes just days after Google released Chrome version 105 on August 30.
“We would like to thank all the security researchers who worked with us throughout the development cycle to prevent security bugs from entering the stable pipeline,” the company said.
Google announced on Friday that it has shipped emergency patches to address a zero-day security flaw that was found to be actively being exploited in the wild in the Chrome browser.
As a result, Google released Chrome 105.0.5195.102. And below are the platforms for which this new version has been released:-
Windows
Mac
Linux
Zero-Day Error
This zero day bug was tracked as:-
CVE-2022-3075
The bug mentioned above is a very serious security flaw and not only that, but it is the sixth zero-day Chrome bug that has been patched this year.
In 2022, five previous zero-day vulnerabilities were found and patched and they are listed below:-
CVE-2022-2856
CVE-2022-2294
CVE-2022-1364
CVE-2022-1096
CVE-2022-0609
An updated version of Google Chrome is now available in all stable desktop channels. So it is certain that it will reach all users within a relatively short period of time.
This zero-day bug occurs due to insufficient data validation in Mojo, resulting in a very serious vulnerability. This collection of runtime libraries allows messages to be passed between processes across arbitrary intra-process and inter-process boundaries.
There have been a number of exploits of this zero-day, but the technical details of this vulnerability and its exploits are not yet known.
It’s likely that Google wants to give Chrome users enough time to update and stop further exploitation of this vulnerability in the wild.
Update now
As a precautionary measure, we recommend that users update to version 105.0.5195.102 as soon as possible to mitigate potential security issues. We also encourage users of Chromium-based browsers to apply the patch as soon as it becomes available to protect their systems.
For new updates you can follow the simple steps given below:-
Go to the Chrome menu.
Then find and select Help.
Then you need to select About Google Chrome.
And it is done.
Now after doing all the above steps, the web browser will automatically check for new updates and install the update automatically.
