Google is releasing a new security patch after discovering a flaw that is already being exploited.
If you use Google Chrome on a computer, you should immediately update your browser, if it hasn’t already happened automatically. Indeed, recently, the Mountain View company released a new version of Chrome for Windows, Mac, and Linux that includes an important fix.
This fixes a security bug referenced as CVE-2022-3075 and reported by an anonymous researcher. Google says it has evidence that this bug is already being exploited by hackers, hence the urgency of the update that is being rolled out. If you are not up to date yet, here is a link to download Chrome.
Google does not yet provide details to protect its users
For the moment, the firm does not give details on this problem in order to make its exploitation more difficult.
“Access to bug details and links may be restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but have not yet been fixed.
However, it specifies that the problem concerns the set of Mojo runtime libraries, a component that facilitates communication between browser processes. The version that fixes this issue is Chrome 105.0.5195.102.
Generally, Google Chrome updates automatically. But to make sure you’re already protected, you can check the browser version by going to the Chrome menu, then “Help”, then “About Google Chrome”.
If a newer version is available, the browser automatically searches and then automatically downloads this new version. Then all that remains is to install the update.
Sixth zero-day flaw since the beginning of the year
On August 30, Google had already released 24 security patches as part of the deployment of the stable version of Chrome 105. But that was not enough. Chrome 105 also included improvements to the way Chrome works, including improved Picture-in-picture functionality on Android, as well as improved web app behavior.
Otherwise, as noted by The Hacker News site, since the beginning of the year, this is the sixth time that Google has corrected a zero-day flaw.
As our colleagues from 01net remind us, the last one dates back to August. Google Chrome had released security patches for eleven flaws, including one critical flaw already exploited in the wild. “This bug (CVE-2022-2856) is housed in the “Intent” module which allows actions to be programmed according to a certain context”, explained our colleagues.
In any case, all this reminds us of the importance of using supported and always up-to-date software, in order to be protected by the latest security patches. And if you’re really careful, you can also install antivirus software for extra protection against malware.