Check the status of CVEs. Learn More.
Keeping your systems up 100% of the time requires live patching. Our solutions will align strongly with your risk, compliance, and operational uptime requirements.
TuxCare is trusted by the most innovative companies across the globe.
Our partner program is designed with flexibility in mind for partners who are at various stages of their business lifecycle. With financial investment and dedicated resources, you will continue to grow with TuxCare.
Would you like to work with a leader in open source and Linux security that values innovation and partnerships?
Partners receive benefits that are designed to reward the commitment that they have made to the sale of our products and services.
Learn about TuxCare's modern approach to reducing cybersecurity risk with Blogs, White Papers, and more.
Continually increasing Cybersecurity, stability, and availability of Linux servers and open source software since 2009.
September 16, 2022
chrome, Google, Patch Management
Google has released an emergency patch to fix a zero-day vulnerability exploited in the wild. Tracked as CVE-2022-3075, the zero-day flaw was discovered and reported on August 30, 2022 by an anonymous researcher.
The flaw is an insufficient data validation in Mojo. This refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC).
Google admitted that it “is aware of reports that an exploit for CVE-2022-3075 exists in the wild.” The tech giant however failed to provide additional specifics on the nature of the attacks that can help users prevent additional threat actors from exploiting the flaw.
Google ask users to upgrade to version 105.0.5195.102 for Windows, macOS, and Linux to mitigate imminent threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are advised to apply fixes as soon as they are available.
The update makes it the sixth zero-day vulnerability in Chrome that Google has patched since the start of the year. The other five flaws include CVE-2022-0609, CVE-2022-1096, CVE-2022-1096, CVE-2022-1364, CVE-2022-2294, CVE-2022-2856.
CVE-2022-0609 is as user-after-free vulnerability in the Animation component that if successfully exploited could lead to corruption of valid data and the execution of arbitrary code on affected systems.
CVE-2022-2294 is a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps.
CVE-2022-2856 is a case of insufficient validation of untrusted input in Intents.
The sources for this piece include an article in TheHackerNews.
Tell us your challenges and our experts will help you find the best approach to address them with the TuxCare product line.