- Google released the fix for a vulnerability found in the Chrome web browser, which is being exploited in the wild.
- The vulnerability was reported by an anonymous researcher and Google will decide on the reward later.
- According to Google’s security advisory, the vulnerability was caused by insufficient data validation in Mojo.
Google fixed a security vulnerability in the Chrome web browser that is being actively exploited in the wild. The vulnerability, being tracked as CVE-2022-3075, is caused by insufficient data validation in Mojo. The vulnerability was reported by an anonymous researcher and the reward for finding the vulnerability will be decided later.
Insufficient data validation in Mojo
According to the advisory, the Stable channel has been updated to 105.0.5195.102 for Windows, Mac, and Linux, which will be rolled out over the coming days or weeks. Since it is an emergency fix addressing a vulnerability that is being exploited in the wild, users are urged to apply the patch as soon as possible.
Details and links will be kept restricted until the majority of the users are fixed the vulnerability. If the bug exists in a third-party library used by other projects, restrictions may retain. For the full list of changes in the build, you can check the change log published by Google. Google said,
« We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild. »