Chrome patches high-severity 0-day, its 6th this year

Enlarge (credit: Getty Images | NurPhoto )

Google engineers have issued an emergency update for the Chrome browser to fix a high-severity vulnerability that can be exploited with code that’s already available in the wild.

The vulnerability, which Google disclosed on Friday, is the result of “insufficient data validation in Mojo,” a Chrome component for messaging across inter- and intra-process boundaries that exist between the browser and the operating system it runs on. The vulnerability, which is tracked as CVE-2022-3075, was reported to Google last Tuesday by an anonymous party.

“Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild,” the company said. The advisory didn’t provide additional details, such as whether attackers are actively exploiting the vulnerability or are simply in possession of exploit code.

Read 3 remaining paragraphs | Comments