At the end of last week, an urgent update of the Google Chrome browser was released, designed to eliminate a zero-day vulnerability – this is the class of problems that programmers have conditional zero days to solve.
This is due to the fact that the developer learns about the vulnerability later than the attackers, and the situation becomes much more dangerous. According to Google employees, cybercriminals are already actively using the bug in their attacks. In this regard, the company recommends updating the Chrome browser for Windows, Linux, and Mac devices to version 105.0.5195.102. Users of Microsoft Edge, Brave, Opera, and Vivaldi running on the Chromium engine are also advised to check for app updates.
The exact details of the vulnerability have not yet been disclosed in order not to give attackers more ways to harm browser users. It is only known that the problem received the code name CVE-2022-3075. It refers to the validation of data in the Mojo interprocess interaction library.
