Google rolled out emergency fixes to address actively exploited Chrome zero-day

Google rolled out emergency fixes to address a vulnerability in the Chrome web browser that is being actively exploited in the wild.

Google on Friday released emergency fixes to address a vulnerability, tracked as CVE-2022-3075, in the Chrome web browser that is being actively exploited in the wild.

The CVE-2022-3075 flaw is caused by insufficient data validating in Mojo. Mojo is a collection of runtime libraries providing a platform-agnostic abstraction of common IPC primitives, a message IDL format, and a bindings library with code generation for multiple target languages to facilitate convenient message passing across arbitrary inter- and intra-process boundaries.

The vulnerability was reported by an anonymous researcher on August 30, 2022.

“Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild.” reads the advisory published by Google.

An anonymous researcher has been credited with reporting the high-severity flaw on August 30, 2022.

This is the sixth zero-day vulnerability in Chrome that the IT giant addressed in 2022, the previous ones are:

• CVE-2022-2856 (August 17) – Insufficient validation of untrusted input in Intents
• CVE-2022-2294 (July 4) – Heap buffer overflow in the Web Real-Time Communications (WebRTC) component
• CVE-2022-1364 (April 14) –  type confusion issue that resides in the V8 JavaScript engine
• CVE-2022-1096 – (March 25) – type Confusion in V8 JavaScript engine
• CVE-2022-0609 – (February 14) – use after free issue that resides in the Animation component.

Users should update to version 105.0.5195.102 for Windows, macOS, and Linux.

The issue also affects other Chromium-based browsers, including Microsoft Edge, Brave, and Opera.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Chrome)

[adrotate banner=”5″]

[adrotate banner=”13″]