Google Chrome Has Another Zero-Day Problem

Google tends to update its popular web browser, Chrome, quite frequently. In fact, we tend to see at least one update a month, complete with new features and bug fixes cooked up by Google labs. However, every once in a while, an issue pops up that is so severe, we need a solution as soon as possible. The discovery of another Chrome zero-day is such an issue.

A “zero-day” is a security vulnerability with a known exploit in the wild. Most security vulnerabilities, while an inherent threat to security, are less severe, since bad actors don’t know how to exploit them for their own gain. Once someone discovers an exploit, however, that vulnerability becomes a pressing issue. It turns a theoretical hole in the security of your system into a ticking time bomb: If you enter the crosshairs of someone in the know, it’s bad news.

This time, the zero-day concerns an “insufficient data validation in Mojo,” a collection of runtime libraries in Chrome. Google identifies the exploit as a “high-severity” issue (already implied by its zero-day nature) and names it CVE-2022-3075. It detailed the problem in a Chrome Releases blog post on Friday, Sept. 2. According to the company, an anonymous source identified the issue.

[$TBD][1358134] High CVE-2022-3075: Insufficient data validation in Mojo. Reported by Anonymous on 2022-08-30

Google

This update brings Chrome to version 105.0.5195.102 on Mac, Windows, and Linux.

How to update Google Chrome

Google will roll this update out to all Chrome users over the next few weeks. However, if you don’t want to wait to update, you can trigger the patch manually.

Click on the three dots in the top-right corner of your window, then choose Help > About Google Chrome. Wait for Chrome to load the latest update, then click “Relaunch” to install it.

Photo by Pawel Czerwinski on Unsplash