Google Chrome users on Windows, Mac, and Linux should install the latest browser update to protect themselves from a serious vulnerability that hackers are actively exploiting.
“Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild,” the company says said in a September 2 blog post. An anonymous tipster reported the issue on August 30, and Google says it expects the update to be rolled out to all users in the coming days or weeks.
The company has not yet released much information about the nature of the bug. What we know so far is that it has to do with “Insufficient data validation” in mojoa collection of runtime libraries used by Chromium, the codebase on which Google Chrome is built.
“Access to bug details and links may be restricted until a majority of users are updated with a fix,” the company said. By keeping these details secret for now, Google is making it harder for hackers to figure out how to exploit the vulnerability before the new update closes the opportunity for attacks.
Chrome users must restart the browser for the update to take effect. This will update Chrome to version 105.0.5195.102 for Windows, Mac, and Linux. To make sure you’re using the latest version, click the three dots icon in the top right corner of your browser. Navigating to ‘Help’ and then ‘About Google Chrome’ will take you to a page that tells you if Chrome is up to date on your device.
This latest update will come just a few days later Google has Chrome version 105 . released on August 30. That update already came with 24 security fixes. Apparently that wasn’t enough.
This is the sixth zero-day vulnerability that Chrome has faced so far this year. The last vulnerability which was actively operated was just marked in mid-August, BleepingComputer reported.