Google Chrome Confirms Emergency Update to Fix Zero-Day Vulnerability.

September 05, 2022 By Raulf Hernes

(Image Credit Google)

On Friday, Google directed emergency fixes to inscribe a security vulnerability in the Chrome web browser that is being proactively exploited in the wild. The zero-day bug fixed (CVE-2022-3075) is a high-severity vulnerability caused by inadequate data validation in Mojo, a collection of run-through libraries that facilitates message passing across arbitrary inter- and intra-process boundaries. On August 30, 2022, an anonymous researcher was credited with reporting the high-severity flaw on August 30, 2022. However, Google explains that this security issue was found by a security researcher that chose to report it incognito. Additionally, the browser vendor says the zero-day was played in the wild; it is yet to share technical information or details regarding these incidents. Google added, "Access to bug details and links may be restricted until a majority of users are updated with a fix. "Further, "We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on but haven't yet fixed," Google said.

Although, by procrastinating the release of more information on these attacks, Google is likely targetting to give Chrome users enough time to update and to nip in bud exploitation attempts until more hackers create their exploits to deploy in attacks.

Sixth Chrome zero-day fixed in 2022

The newest update makes it the sixth zero-day vulnerability in Chrome that Google has resolved since the start of the year. The previous five zero-day vulnerabilities found and patched in 2022 are:

CVE-2022-0609 - Use-after-free in Animation- February 14
CVE-2022-1096 - Type confusion in V8- March 25
CVE-2022-1364 - Type confusion in V8- April 14
CVE-2022-2294 - Heap buffer overflow in WebRTC- July 4
CVE-2022-2856 - Insufficient validation of suspicious input in Intents- August 17

As the Google Threat Analysis Group (TAG) exposed in February, that CVE-2022-0609 was exploited by North Korean-backed state hackers weeks before the February patch. Furthermore, the initial signs of exploitation were found in early January. Although, the bug was misapplying in campaigns pushing malware via phishing emails using fake job tempt and compromised websites hosting hidden iframes serving exploit kits. In addition, the zero-day bug patched today is also known to have been exploited by attackers in the wild; upgrading the Google Chrome web browser as soon as possible is strongly recommended. Meanwhile, users are recommended to upgrade to version 105.0.5195.102 for Windows, macOS, and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes when they become available.

By Raulf Hernes

If you ask me raulf means ALL ABOUT TECH!!

Google Chrome Confirms Emergency Update to Fix Zero-Day Vulnerability.

Sixth Chrome zero-day fixed in 2022

Walmart's GenAI Search Engine: Challenging Google's Dominance in Retail Search

Introducing the MSI Claw Handheld: Your Ultimate Gaming Companion

Uber Increases In-App Ads, Prompting Mixed Reactions from Customers

Apple's iOS 18: A Leap into the AI Era

Google's Regular Pixel 8 Won't Get Gemini Nano AI

MacBook Air M3 Makes Amends for M2's Storage Blunder

Samsung Unveils the Galaxy M15 5G

Elon Musk's xAI to Open-Source Chatbot Grok

Contra: Operation Galuga - A Modern Run-and-Gun Classic

Musk Confirms X's TV App Arrives This Week

Walmart's GenAI Search Engine: Challenging Google's Dominance in Retail Search

Uber Increases In-App Ads, Prompting Mixed Reactions from Customers

Apple's iOS 18: A Leap into the AI Era

Google's Regular Pixel 8 Won't Get Gemini Nano AI

Elon Musk's xAI to Open-Source Chatbot Grok

Instagram Surpasses TikTok in App Downloads