Source: JND

Google has asked its users to immediately install a security update for its Chrome browser to safeguard themselves against a serious bug that is being actively exploited by hackers.

The tech giant said it is aware of reports that an exploit for CVE-2022-3075 exists in the wild, describing the vulnerability as "Insufficient data validation in Mojo", reported by an anonymous security researcher.

The company also told users that it has released a security patch for Google Chrome on Windows, Mac, and Linux operating systems that will roll out over the coming days/weeks.

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said in a security update. "We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed," it added, as quoted by the news agency IANS.

This is the sixth zero-day vulnerability Chrome has faced so far this year.

Meanwhile, Chrome users now need to relaunch their browsers to activate the latest security update. The latest version of Chrome comes just a few days after Google released Chrome version 105 on August 30. "We would like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel," the company said.

Earlier, the Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology also issued a warning for Chrome users. The notification flashed on the official website read, "Multiple vulnerabilities have been reported in Google Chrome for the desktop which could be exploited by an attacker to execute arbitrary code on the targeted system."

The notification also listed the vulnerabilities that allow an attacker to execute arbitrary code on the targeted system.

"These vulnerabilities exist in Google Chrome for desktop due to Use after free in Network Service, WebSQL, Layout, PhoneHub, Browser Tag, Tab Strip, SplitScreen, Passwords, and Sign-In Flow; Heap buffer overflow in Screen Capture, WebUI, Exosphere and Window Manager; Inappropriate implementation in Site Isolation, Chrome OS lockscreen, Pointer Lock and iframe Sandbox; Insufficient validation of untrusted input in V8, Insufficient policy enforcement in Extension API, DevTools and Content Security Policy," the notification said, adding that the "successful exploitation of these can allow the attacker to execute arbitrary code on the targeted system".

(With agency inputs)