Google Releases Chrome Update to Fix New Zero-day Flaw

Obanla Opeyemi

September 16, 2022 - TuxCare expert team

Google has released an emergency patch to fix a zero-day vulnerability exploited in the wild. Tracked as CVE-2022-3075, the zero-day flaw was discovered and reported on August 30, 2022 by an anonymous researcher.

The flaw is an insufficient data validation issue in Mojo, a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC).

Google admitted that it “is aware of reports that an exploit for CVE-2022-3075 exists in the wild.” The tech giant, however, failed to provide additional specifics on the nature of the attacks that could help users prevent additional threat actors from exploiting the flaw.

Google asks users to upgrade to version 105.0.5195.102 for Windows, macOS, and Linux to mitigate imminent threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are advised to apply fixes as soon as they are available.
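To check machines against the fixed build named above, the following added example (not part of the original article or any Google tooling) flags Chrome installs older than 105.0.5195.102. It assumes version strings in the form printed by `google-chrome --version`; the host names and every version other than the fixed build are constructed sample data.

```python
import re

# Fixed build named in the article for Windows, macOS, and Linux.
FIXED_BUILD = "105.0.5195.102"
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None.

    Accepts raw strings such as the output of `google-chrome --version`.
    """
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def is_patched(version_text, fixed=FIXED_BUILD):
    """True if the version is at or above the fixed build.

    Components are compared as integers: as plain strings,
    "105.0.5195.52" sorts after "105.0.5195.102" and would pass wrongly.
    """
    version = parse_version(version_text)
    if version is None:
        raise ValueError(f"no Chrome version found in {version_text!r}")
    return version >= parse_version(fixed)


def audit(inventory):
    """Map each host to 'patched', 'needs update', or 'unknown'."""
    report = {}
    for host, version_text in inventory.items():
        if parse_version(version_text) is None:
            report[host] = "unknown"
        else:
            report[host] = "patched" if is_patched(version_text) else "needs update"
    return report


# Constructed inventory: host names and all versions except the fixed build
# are made-up sample data, not taken from the article.
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 105.0.5195.102",
    "ws-02": "Google Chrome 105.0.5195.52",
    "ws-03": "Google Chrome 104.0.5112.101",
    "ws-04": "Google Chrome 106.0.5249.61",
    "ws-05": "google-chrome: command not found",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" returned no parseable version and need a manual check rather than being counted as patched.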

This is the sixth zero-day vulnerability in Chrome that Google has patched since the start of the year. The other five flaws are CVE-2022-0609, CVE-2022-1096, CVE-2022-1364, CVE-2022-2294, and CVE-2022-2856.

CVE-2022-0609 is a use-after-free vulnerability in the Animation component that, if successfully exploited, could lead to corruption of valid data and the execution of arbitrary code on affected systems.

CVE-2022-1096 is a zero-day flaw described as a type confusion vulnerability in the V8 JavaScript engine.

CVE-2022-1364 is similar to CVE-2022-1096 since it is also a type confusion flaw in the V8 JavaScript engine.

CVE-2022-2294 is a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps.

CVE-2022-2856 is a case of insufficient validation of untrusted input in Intents.

The sources for this piece include an article in TheHackerNews.
