Google has released a security update for the Chrome browser on Windows, Mac, and Linux to fix a newly discovered zero-day vulnerability that is being actively exploited in attacks. Users are encouraged to install the update as soon as possible.
The release, which brings Google Chrome to version 105.0.5195.102, fixes a high-severity security issue (CVE-2022-3075) caused by insufficient data validation in Mojo, a set of runtime libraries used by Chromium, which makes up a large part of the code behind the Google Chrome browser.
Google said that it’s “aware of reports that an exploit for CVE-2022-3075 exists in the wild.”
The security patch will be rolled out to users over the next few days and weeks. Users are urged to apply the update when Chrome asks them to.
Google hasn’t disclosed details of what the security update addresses, but it has said that “access to bug details and links may be restricted until a majority of users are updated with a fix.”
It’s likely that information about the vulnerability is being kept secret for now to stop cybercriminals from taking advantage of it before most Google Chrome users have had a chance to apply the update.
The Singapore Computer Emergency Response Team (SingCERT) advises users to “install the latest security updates right away” and says that “users are also encouraged to enable the automatic update function in Chrome” to make sure their software is updated quickly.
The vulnerability was reported to Google anonymously by a cybersecurity researcher, who will receive a bug bounty whose amount hasn’t been decided yet.
“We’d also like to thank all the security researchers who worked with us during the development process to keep security bugs from ever making it to the stable channel,” Google said.
One of the most important things people and businesses can do to protect themselves from cyberattacks is to apply security updates on time for all software and apps.