High-severity 0-day is Chrome’s sixth patch of the year.

A security flaw exists in the Mojo component of browsers.

 

A critical flaw in the Chrome browser has been fixed by an urgent update from Google engineers. This flaw can already be exploited using publicly available code.

 

Insufficient data validation in Mojo, a Chrome component for messaging across inter- and intra-process borders that exist between the browser and the operating system it uses, is the cause of the vulnerability, which Google revealed on Friday. The vulnerability was disclosed to Google on Tuesday by an unidentified source and is tagged as CVE-2022-3075.

 

The business stated, “Google is aware of claims that an exploit for CVE-2022-3075 exists in the wild. Additional information, such as whether attackers are actively utilising the vulnerability or are merely in possession of the exploit code, was not included in the advisory.

 

The same flaw has been fixed in Microsoft’s Edge browser, which uses the same Chromium engine as Chrome.

 

The discovery of the exploit marks Chrome’s sixth zero-day vulnerability this year. Previous zero-days include:

 

Use-after-Free vulnerability CVE-2022-0609, patched in February
Type Confusion in V8 vulnerability CVE-2022-1096, patched in March
CVE-2022-1364, a vulnerability in the V8 JavaScript engine that was fixed in April.
Web Real-Time Communications vulnerability CVE-2022-2294 was addressed in July.
Insufficient input validation issue CVE-2022-2856 was patched in August
With the release of Chrome version 105.0.5195.102, which is available for Windows, Mac, and Linux, the most recent security problem was fixed. Chrome for iOS or Chrome for Android are not included in Google’s alert. The vast majority of Chrome-using devices have probably already received the update because, like the majority of contemporary browsers, Chrome by default instals patches. Go to Chrome > Settings > About Chrome to find out.