In other words, a threat actor can exploit the bug by feeding a malicious input.įix for the zero-day vulnerability, whose exploit “exists in the wild,” will be released in the coming days/week, according to Google’s post dated September 2, 2022. Google credited an anonymous researcher with discovering CVE-2022-3075, which from the information revealed by Google so far, exists due to gaps in how Chrome is fed inputs for validation. These libraries, collectively known as Mojo, enable Chrome or any other app/program that runs on it for multiple functions, mainly to carry out inter- and intra-process communication. Without going into details of the vulnerability for obvious reasons, Google said CVE-2022-3075 exists due to “insufficient data validation” in the runtime libraries that Chromium, the open-source browser Chrome is based on. Google issued the update for the desktop versions of the browser, including Windows, Mac, and Linux. Tracked as CVE-2022-3075, the vulnerability is the sixth zero-day one found in the popular browser. Google recently rolled out an update for a new zero-day vulnerability found in the Chrome web browser.
0 Comments
Leave a Reply. |