A high-severity vulnerability in Google’s Chrome web browser that is already being used in the wild has been patched by an emergency update. According to a description, it affects Mojo, a Chrome component made up of a number of runtime libraries that enable messaging across inter- and intra-process borders. The high-severity security flaw, which is tracked as CVE-2022-3075, was discovered. The bug bounty reward for the report has not yet been decided by Google.
Version 105.0.5195.102 of Chrome, which is currently rolling out to users of Windows, Macs, and Linux, was released in order to close the security flaw. This browser update only fixes this vulnerability. Google has patched six Chrome zero-days so far in 2022, with the third being fixed in the last two months. CVE-2022-3075 is the most recent one to be fixed. Mid-August of 2022 saw the resolution of the fifth Chrome zero-day, whereas early July saw the fourth.
The July zero-day, identified as CVE-2022-2294 and categorised as a heap buffer overflow in WebRTC, has been connected to targeted assaults attributed to Candiru, an Israeli spyware firm.
