A high-severity, zero-day vulnerability was found in Google’s Chrome web browser. CVE-2022-3075 is an insufficient data validation issue impacting Mojo – a collection of runtime libraries providing a platform-agnostic mechanism for inter-process communication (IPC).
In an advisory released on Google’s blog, the company stated that they are aware of reports that an exploit for CVE-2022-3075 exists in the wild, and that access to bug details and links may be kept restricted until a majority of users are updated with a fix. They went on to state that Google will retain restrictions if the bug exists in a third-party library that other projects depend on but haven’t fixed.
CVE-2022-3075 was reported by an anonymous researcher and Google addressed the bug with the release of Chrome version 105.0.5195.102. The update is now rolling out to Linux, macOS, and Windows users. This is the sixth Chrome zero-day for Google in 2022 and the third zero-day within the past two months.
Avertium recommends that all users upgrade to version 105.0.5195.102 for Linux, macOS, and Windows immediately. If you use Brave, Opera, Microsoft Edge, or Vivaldi, you should apply the necessary patches when they become available.
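One way to verify the upgrade across a fleet is to compare each reported Chrome build against 105.0.5195.102 numerically, since a plain string comparison ranks 105.0.5195.52 above 105.0.5195.102. The script below is an added example, not part of the original advisory; the host names, the `host,product,version` inventory format and the sample rows are constructed assumptions.

```python
# Added example: the fixed build comes from the advisory; inventory rows are constructed.
import csv
import io
import re

FIXED = (105, 0, 5195, 102)  # Chrome build that addresses CVE-2022-3075, per the advisory
VERSION_RE = re.compile(r"^\d+(?:\.\d+){3}$")  # four dotted numeric fields

# Constructed sample inventory (hypothetical hosts): host,product,version
SAMPLE_INVENTORY = """\
ws-001,Google Chrome,105.0.5195.102
ws-002,Google Chrome,105.0.5195.52
ws-003,Google Chrome,104.0.5112.101
ws-004,Brave,1.43.89
ws-005,Google Chrome,unknown
ws-006,Google Chrome,106.0.5249.61
"""

def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not a.b.c.d."""
    text = text.strip()
    if not VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(product, version):
    """Classify one inventory entry against the fixed Chrome build."""
    if product.strip().lower() != "google chrome":
        # Other Chromium-based browsers use their own version numbers;
        # the advisory gives no fixed build for them.
        return "check-vendor"
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"  # needs manual follow-up, never assume patched
    return "patched" if parsed >= FIXED else "vulnerable"

def audit(inventory_text):
    """Map each host in the CSV inventory to its status."""
    results = {}
    for row in csv.reader(io.StringIO(inventory_text)):
        if not row:
            continue  # blank line
        if len(row) != 3:
            results[row[0]] = "unknown"  # malformed row, keep the host visible
            continue
        host, product, version = row
        results[host] = classify(product, version)
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `check-vendor` or `unknown` still need follow-up: the first against the browser vendor's own patch notice, the second by re-collecting the version.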
At this time, there are no known IoCs associated with CVE-2022-3075. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any IoCs be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.
INDICATORS OF COMPROMISE (IOCS):