Overview 

A high-severity, zero-day vulnerability was found in Google’s Chrome web browser. CVE-2022-3075 is an insufficient data validation issue impacting Mojo – a collection of runtime libraries providing a platform-agnostic mechanism for inter-process communication (IPC).   

In an advisory released on Google’s blog, the company stated that they are aware of reports that an exploit for CVE-2022-3075 exists in the wild, and that access to bug details and links may be kept restricted until a majority of users are updated with a fix. They went on to state that Google will retain restrictions if the bug exists in a third-party library that other projects depend on but haven’t fixed.  

CVE-2022-3075 was reported by an anonymous researcher and Google addressed the bug with the release of Chrome version 105.0.5195.102. The update is now rolling out to Linux, macOS, and Windows users. This is the sixth Chrome zero-day for Google in 2022 and the third zero-day within the past two months.  

Avertium recommends that all users upgrade to version 105.0.5195.102 for Linux, macOS, and Windows immediately. If you use Brave, Opera, Microsoft Edge, and Vivaldi then you should apply the necessary patches when they become available. 

 

 

How Avertium is Protecting Our Customers:

  • Avertium offers Zero Trust Architecture, like AppGate, to stop malware lateral movement. 
  • Avertium offers Zero Trust Network as a Service (ZTNaaS) for any organization that wants to control their attack surface. The zero-trust security model delivers exactly what the name promises: it is an IT security concept that specifies no access is allowed until the successful completion of authentication and authorization processes.  
  • Fusion MXDR is the first MDR offering that fuses together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts. 

 

 

Avertium's recommendations

  • If you are impacted by CVE-2022-3075, Avertium recommends that you upgrade to Chrome version 105.0.5195.102 for Linux, macOS, and Windows to stay safe and secure.  
  • Please apply updates to Brave, Opera, Microsoft Edge, and Vivaldi as they become available.  




 INDICATOR'S OF COMPROMISE (IOCS):

At this time, there are no known IoCs associated with CVE-2022-3075. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any IoCs be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.     



 

Supporting documentation

https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html  

https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html  

https://www.securityweek.com/google-patches-sixth-chrome-zero-day-2022 

https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html  

 

 

 

 

Related Reading: When Cybercriminal Gangs go Dark

 

Contact us for more information about Avertium’s managed security service capabilities. 
Chat With One of Our Experts



Zero-Day Vulnerability Flash Notice Google Chrome Google Chrome Vulnerability Google Blog