The tech giant confirmed that an exploit for ‘CVE-2022-3075’ exists in the wild, citing the vulnerability as “Insufficient data validation in Mojo” as reported by an anonymous security researcher. “Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild,” the company said in a blog post published on September 2nd. An anonymous tipster reported the issue on August 30th. The company stated that a security patch for Google Chrome users on Windows, Mac, and Linux operating systems will be released in the coming days/weeks.
“Access to bug details and links may be restricted until the majority of users have received a fix,” Google stated in a security update. “We will also retain restrictions if the bug exists in a third-party library on which other projects rely but have not yet been fixed,” it added. By keeping those details under wraps for now, Google makes it harder for hackers to figure out how to exploit the vulnerability before the new update closes the opportunity for attacks.
To activate the update, Chrome users must restart the browser. This will update Chrome for Windows, Mac, and Linux to version 105.0.5195.102. To ensure you’re using the most recent version, click the three-dot icon in the top right corner of your browser. Navigating to “Help,” then “About Google Chrome,” will take you to a page that will tell you if Chrome is up to date on your device.
This latest update arrives just days after Google Chrome version 105 was released on August 30th. This update already included 24 security fixes. That apparently wasn’t enough. This is the sixth zero-day vulnerability that Chrome has encountered this year. According to BleepingComputer, the most recent actively exploited vulnerability was discovered in mid-August.