Google on Friday shipped emergency fixes to address a security
vulnerability in the Chrome web browser that it said is being
actively exploited in the wild.
The issue, assigned the identifier
CVE-2022-3075, concerns a case of insufficient
data validating in Mojo[1], which refers to a
collection of runtime libraries that provide a platform-agnostic
mechanism for inter-process communication (IPC).
An anonymous researcher has been credited with reporting the
high-severity flaw on August 30, 2022.
“Google is aware of reports that an exploit for CVE-2022-3075
exists in the wild,” the internet giant said[2], without delving into
additional specifics about the nature of the attacks to prevent
additional threat actors from taking advantage of the flaw.
The latest update makes it the sixth zero-day vulnerability in
Chrome that Google has resolved since the start of the year –
Users are recommended to upgrade to version 105.0.5195.102 for
Windows, macOS, and Linux to mitigate potential threats. Users of
Chromium-based browsers such as Microsoft Edge, Brave, Opera, and
Vivaldi are also advised to apply the fixes as and when they become
available.
Read more https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html