Just a couple of weeks after a previous zero-day, Google has rolled out another emergency Chrome browser update to patch yet another zero-day vulnerability.
Chrome Zero-Day Fixed In Emergency
According to the latest advisory from Google, a serious zero-day vulnerability existed in its Chrome browser, demanding immediate attention.
Google has credited an anonymous researcher for reporting the flaw, following which the tech giant worked on developing a fix.
Maintaining its cautious practice of not revealing vulnerability details early to prevent unwanted exploitation, the tech giant has once again not elaborated on the flaw. Nor has it confirmed how and when the vulnerability came under attack.
However, it did confirm detecting active exploits of the bug in the wild.
Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild.
For now, what Google has revealed is that the researcher caught an insufficient data validation issue in the Mojo component. The vulnerability, CVE-2022-3075, received a high severity rating, indicating the potential risk associated with its exploitation.
After receiving the report, Google addressed the flaw within two days, releasing the patch with Chrome desktop browser version 105.0.5195.102. The update includes only this single security fix and applies to Windows, Mac, and Linux systems.
With this update, Google has added one more zero-day fix to the list of zero-day patches rolled out this year. By the numbers, this one marks the sixth prominent zero-day update for the Chrome browser.
But what’s more interesting is that Google released this emergency update just two weeks after patching another zero-day. That earlier update wasn’t a small one, however, and included 10 other security updates as well. It, too, arrived a month after a previous zero-day patch.
Given this recurrence, users should pay close attention to the Chrome browsers running on their devices. Ideally, they should update their devices as soon as an update arrives to avoid any risks.