Google has released an urgent patch for CVE-2022-3075, a new zero-day vulnerability in the Chrome web browser – which it says is being actively exploited in the wild.
Here’s everything you need to know:
What is CVE-2022-3075?
This issue concerns a case of insufficient data validation in Mojo – a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC). By persuading a victim to visit a specially crafted website, an attacker could exploit this vulnerability to bypass security restrictions.
You can read what Google has to say about this vulnerability here.
Does it affect me?
If your installed Google Chrome is older than version 105.0.5195.102, or your Microsoft Edge is older than version 105.0.1343.27, you are vulnerable!
It is still unclear whether iOS and Android users are vulnerable too, so to be safe we recommend that you stay updated, and keep an eye out for any new security patches.
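To apply the two version thresholds above across more than one machine, the added example below (not from Google or from the original article) classifies a browser inventory against the fixed builds. The inventory rows, hostnames and function names are constructed for illustration; the only values taken from this page are the two fixed version numbers.

```python
# Added example: flag inventory rows older than the fixed builds named above.
import re

# Fixed versions as stated on this page.
FIXED = {
    "chrome": (105, 0, 5195, 102),
    "edge": (105, 0, 1343, 27),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(browser, version_text):
    """Return 'vulnerable', 'patched', or 'unknown' for one browser install."""
    fixed = FIXED.get(browser.strip().lower())
    found = parse_version(version_text)
    if fixed is None or found is None:
        return "unknown"  # not covered by this page, or unparseable: review by hand
    # Tuple comparison is numeric per component; string comparison would
    # wrongly rank "105.0.5195.99" above "105.0.5195.102".
    return "vulnerable" if found < fixed else "patched"


def audit(rows):
    """rows: iterable of (host, browser, version_text). Returns list of findings."""
    return [(host, browser, ver, classify(browser, ver)) for host, browser, ver in rows]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-001", "chrome", "Google Chrome 105.0.5195.102"),
    ("ws-002", "chrome", "Google Chrome 105.0.5195.99"),
    ("ws-003", "edge", "Microsoft Edge 105.0.1343.25"),
    ("ws-004", "edge", "Microsoft Edge 105.0.1343.27"),
    ("ws-005", "chrome", "Google Chrome 104.0.5112.101"),
    ("ws-006", "brave", "Brave 1.43.89"),
]

if __name__ == "__main__":
    for host, browser, ver, status in audit(SAMPLE):
        print(f"{host:8} {browser:7} {status:10} {ver}")
```

Rows reported as `unknown` are browsers this page gives no fixed version for, or version strings that could not be parsed, and need a manual check against the vendor's own release notes.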
Has CVE-2022-3075 been actively exploited in the wild?
Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild. Technical details about the vulnerability won’t be released until a certain number of Chrome users have already applied the patch.
In order to mitigate any potential threats posed by CVE-2022-3075, users are advised to upgrade any Chromium-based browsers for Windows, macOS, and Linux. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to look for the newest security patch releases to apply the fixes as soon as they become available.