Google on Friday, Sept 2nd, shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild.
The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validating in Mojo, which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC).
An anonymous researcher has been credited with reporting the high-severity flaw on August 30, 2022.
“Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild,” the internet giant said, without delving into additional specifics about the nature of the attacks to prevent additional threat actors from taking advantage of the flaw.
The latest update makes it the sixth zero-day vulnerability in Chrome that Google has resolved since the start of the year –
- CVE-2022-0609 – Use-after-free in Animation
- CVE-2022-1096 – Type confusion in V8
- CVE-2022-1364 – Type confusion in V8
- CVE-2022-2294 – Heap buffer overflow in WebRTC
- CVE-2022-2856 – Insufficient validation of untrusted input in Intents
Users are recommended to upgrade to version 105.0.5195.102 for Windows, macOS, and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.
Remember, CyberSecurity Starts With You!
- Globally, 30,000 websites are hacked daily.
- 64% of companies worldwide have experienced at least one form of a cyber attack.
- There were 20M breached records in March 2021.
- In 2020, ransomware cases grew by 150%.
- Email is responsible for around 94% of all malware.
- Every 39 seconds, there is a new attack somewhere on the web.
- An average of around 24,000 malicious mobile apps are blocked daily on the internet.
- Android puzzle game with over one million downloads reveals user information - 3 December 2022
- Nvidia patches 29 GPU driver bugs that could lead to code execution, device takeover - 2 December 2022
- Online disclosure of 5+ million Twitter users’ stolen information - 30 November 2022