Google ships an update for Chrome vulnerability
Google released an update for a new Chrome web browser vulnerability. There was a recent release of CVE-2022-3075, the sixth zero-day found in the popular browser.
Google has released a new patch for the Windows, Mac and Linux versions of Google’s browser to fix an issue containing insufficient data validation. This issue was reported in Chromium – the open-source browser that Chrome is based on and is strictly attributed to runtime libraries.
Mojo Libraries compile various functions, including communication between two processes.
Google credited an anonymous researcher with finding CHR-2022-3075, which exists due to an error in Chrome’s validation. This would allow a threat actor to exploit the bug by providing a malicious input.
Google has an update available for Chrome that will mitigate the vulnerability, it is now available in most regions. To see if you have updated Chrome, check the Settings > About Chrome.
Google found a bug in the stable build and was able to update to a fix as soon as possible. The bug details were kept confidential until a majority of people were aware of it. They would also keep it confidential if the bug was also in a third party library for other projects that needed to be fixed by other companies.
Microsoft fixes zero-day vulnerabilities
The discovery of CVE-2022-3075 has been occurring during the time when version 105 was released. This update fixed 24 security issues, none of which was described as a priority, though one was critical and eight others were given a high severity rating.
Chrome had 6 zero-day vulnerabilities, the first being exploited by hackers. Details of Google’s response to these vulnerabilities are below.