At the end of last week, an urgent update of the Google Chrome browser was released, designed to eliminate the zero-day vulnerability – this is the class of problems that programmers have conditional zero days to solve. This is due to the fact that the developer learns about the vulnerability later than the attackers, and the situation becomes many times more dangerous. According to Google employees, cybercriminals are already actively using the bug in their attacks.
In this regard, the company strongly recommends updating the Chrome browser for Windows, Linux and Mac devices to version 105.0.5195.102. Microsoft Edge, Brave, Opera and Vivaldi users running on the Chromium engine are also advised to check for program updates.
The exact details of the vulnerability have not yet been disclosed in order not to give attackers more ways to harm browser users. It is only known that the problem was codenamed CVE-2022-3075. It refers to data validation in the Mojo interprocess communication library.
The problem was reported to the developers by an anonymous information security researcher.