• World CyberCon India
Firewall Daily Main Story

Google Chrome Releases High Severity Security Update

It was determined that the cause of the vulnerability was ‘insufficient data validation’ in Mojo -- a collection of runtime libraries used by browsers like Chrome, Brave, Opera etc.

Google Chrome Releases High Severity Security Update
  • PublishedSeptember 7, 2022

Google Chrome released an update to fix a zero-day vulnerability that was found to be actively exploited by hackers. The vulnerability CVE-2022-3075 was given a security patch as announced on September 2. On its blog, Google announced that version ‘105.0.5195.102’ offered a fix to a high-severity security issue.

More about the security issue in Google Chrome

As per reports, all users will be notified about the fix in the coming days and have been urged to update Chrome on Windows, Mac, and Linux. An anonymous cybersecurity researcher brought forward the security issue on August 30.

It was determined that the cause of the vulnerability was ‘insufficient data validation’ in Mojo. Mojo is a collection of runtime libraries used by browsers like Chrome, Brave, Opera etc.

Google’s blog did not detail the issue in depth to prevent further exploitation based on newer reports. “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on but haven’t yet fixed,” read the blog.

Hackers may misuse bug-related information

Google withheld the details related to the security issue, fearing that hackers could further misuse the bug. The technology company would disclose the same once necessary actions have been taken to curb the threat.

Input from other researchers

In the post, the company thanked its external researchers who contributed to the security update. “Many of our security bugs were detected by Sanitizers using AddressSanitizer, MemorySanitizer, UndefinedBehaviourSanitizer, Control Flow Integrity, libFuzzer or AFL.” These tools help detect and fix bugs, among other capabilities.

Google has requested users to look for security updates and to opt for automatic updates, so they do not miss or delay a fix that might corrupt their system. As per reports, the researcher who informed Google about the security issue will be rewarded with a bug bounty.

Written By
Editorial

The Cyber Express is a publication that aims to provide the latest news and analysis about the information security industry. The news comes from a variety of sources and is updated regularly so that readers can stay up to date with the latest happenings in this rapidly growing field.