Google has addressed a critical security vulnerability in the Chrome web browser that is being actively exploited in the wild.
Tracked as CVE-2022-3075, the issue is a case of insufficient data validation in a component that comprises a collection of runtime libraries providing a platform-agnostic mechanism for inter-process communication.
As usual, Google said it is aware of reports that an exploit for CVE-2022-3075 exists in the wild, without delving into additional specifics about the nature of the attacks to prevent additional threat actors from taking advantage of the flaw.
The fix marks the sixth zero-day vulnerability in Chrome that Google has resolved since the start of the year –
- CVE-2022-0609 – Use-after-free in Animation
- CVE-2022-1096 – Type confusion in V8
- CVE-2022-1364 – Type confusion in V8
- CVE-2022-2294 – Heap buffer overflow in WebRTC
- CVE-2022-2856 – Insufficient validation of untrusted input in Intents
Google urges users to upgrade to version 105.0.5195.102 for Windows, macOS, and Linux. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.