Google has released Chrome 105.0.5195.102 for Windows, Mac, and Linux users to address a single high-severity security flaw, the sixth Chrome zero-day exploited in attacks patched this year.
“Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild,” the company said in a security advisory published on Friday.
This new version is rolling out in the Stable Desktop channel, with Google saying that it will reach the entire user base within a matter of days or weeks.
Also Read: What You Need to Know About Singapore’s Data Sharing Arrangements
It was available immediately when BleepingComputer checked for new updates by going into the Chrome menu > Help > About Google Chrome.
The web browser will also auto-check for new updates and automatically install them after the next launch.
The zero-day bug fixed today (CVE-2022-3075) is high severity vulnerability caused by insufficient data validation in Mojo, a collection of runtime libraries that facilitates message passing across arbitrary inter- and intra-process boundaries.
Google says that this security issue was found by a security researcher that chose to report it anonymously.
Even though the browser vendor says the zero-day was exploited in the wild, it is yet to share technical details or info regarding these incidents.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google added.
“We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
By delaying the release of more information on these attacks, Google is likely aiming to provide Chrome users with enough time to update and prevent exploitation attempts until more threat actors create their own exploits to deploy in attacks.
Also Read: PDPA Compliance for HR Managers in Singapore: A Must
With this release, Google has issued security updates to address the sixth Chrome zero-day patch since the start of the year.
The previous five zero-day vulnerabilities found and patched in 2022 are:
As the Google Threat Analysis Group (TAG) revealed in February, CVE-2022-0609 was exploited by North Korean-backed state hackers weeks before the February patch. Furthermore, the earliest signs of exploitation were found in early January.
The bug was abused in campaigns pushing malware via phishing emails using fake job lures and compromised websites hosting hidden iframes serving exploit kits.
Given that the zero-day bug patched today is also known to have been exploited by attackers in the wild, it is strongly recommended to upgrade the Google Chrome web browser as soon as possible.
Importance of Efficient Access Controls that every Organisation in Singapore should take note of. Enhancing…
Prioritizing Security Measures When Launching a Webpage That Every Organisation in Singapore should take note…
Importance of Regularly Changing Passwords for Enhance Online Security that every Organisation in Singapore should…
Comprehensive Approach to Data Protection and Operational Integrity that every Organsiation in Singapore should know…
Here's the importance of Pre-Launch Testing in IT Systems Implementation for Organisations in Singapore. The…
Understanding Liability in IT Vendor Relationships that every Organisation in Singapore should look at. Understanding…
This website uses cookies.
