{"id":20017,"date":"2022-09-05T16:10:57","date_gmt":"2022-09-06T00:10:57","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/09\/05\/news-13750\/"},"modified":"2022-09-05T16:10:57","modified_gmt":"2022-09-06T00:10:57","slug":"news-13750","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/09\/05\/news-13750\/","title":{"rendered":"Zero-day puts a dent in Chrome&#8217;s mojo"},"content":{"rendered":"<p>On Friday, Google <a href=\"https:\/\/chromereleases.googleblog.com\/2022\/09\/stable-channel-update-for-desktop.html\">announced<\/a> the release of a new version of its Chrome browser that includes a security fix for a zero-day tracked as&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-3075\" target=\"_blank\">CVE-2022-3075<\/a>. As with previous announcements, technical details about the vulnerability won&#8217;t be released until a certain number of Chrome users have already applied the patch.<\/p>\n<p>Google is urging its Windows, Mac, and Linux users to update Chrome to version<strong> 105.0.5195.102<\/strong>.<\/p>\n<p>CVE-2022-3075 is described as an &#8220;[i]nsufficient data validation in Mojo&#8221;. According to Chromium documents, Mojo is &#8220;a collection of runtime libraries&rdquo; that facilitates interfacing standard, low-level interprocess communication (IPC) primitives. Mojo provides a platform-agnostic&nbsp;abstraction&nbsp;of these primitives, which comprise most of Chrome&#8217;s code.<\/p>\n<p>An anonymous security researcher is credited for discovering and reporting the flaw.<\/p>\n<p>CVE-2022-3075 is the sixth zero-day Chrome vulnerability Google had to address. The previous ones were:<\/p>\n<ul>\n<li><a rel=\"noreferrer noopener\" href=\"https:\/\/thehackernews.com\/2022\/02\/new-chrome-0-day-bug-under-active.html\" target=\"_blank\">C<\/a><a href=\"https:\/\/thehackernews.com\/2022\/02\/new-chrome-0-day-bug-under-active.html\">VE-2022-0609<\/a>, a Use-after-Free (UAF) vulnerability, which was patched in February<\/li>\n<li><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2022\/03\/update-now-google-releases-emergency-patch-for-chrome-zero-day-used-in-the-wild\">CVE-2022-1096<\/a>, a &#8220;Type Confusion in V8&#8221; vulnerability, which was patched in March<\/li>\n<li><a rel=\"noreferrer noopener\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-chrome-emergency-update-fixes-zero-day-used-in-attacks\/\" target=\"_blank\">CVE-2022-1364<\/a>, a flaw in the V8 JavaScript engine, which was patched in April<\/li>\n<li><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2022\/07\/update-now-chrome-patches-another-zero-day-vulnerability\">CVE-2022-2294<\/a>, a flaw in the Web Real-Time Communications (WebRTC), which was patched in July<\/li>\n<li><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2022\/08\/update-chrome-now-google-issues-patch-for-zero-day-spotted-in-the-wild\">CVE-2022-2856<\/a>, an insufficient input validation flaw, which was patched in August<\/li>\n<\/ul>\n<p>Google Chrome needs minimum oversight as it updates automatically. However, if you&#8217;re in the habit of not closing your browser or have extensions that may hinder Chrome from automatically doing this, please check your browser every now and then.<\/p>\n<p>Once Chrome notifies you of an available update, don&#8217;t hesitate to download it. The patch is applied once you relaunch the browser.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.malwarebytes.com\/blog\/news\/2022\/09\/easset_upload_file63727_234723_e.png\" alt=\"\" style=\"display: block; margin-left: auto; margin-right: auto;\" width=\"641\" height=\"309\" \/><\/p>\n<p>Stay safe!<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2022\/09\/update-chrome-asap-a-new-zero-day-is-already-being-exploited\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<table cellpadding='10'>\n<tr>\n<td valign='top' align='left'>\n<p>Categories: <a href='https:\/\/www.malwarebytes.com\/blog\/category\/exploits-and-vulnerabilities' rel='category tag'>Exploits and vulnerabilities<\/a><\/p>\n<p>Categories: <a href='https:\/\/www.malwarebytes.com\/blog\/category\/news' rel='category tag'>News<\/a><\/p>\n<p>The Google Chrome Team recently issued a fix for the CVE-2022-3075 zero-day.<\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/www.malwarebytes.com\/blog\/news\/2022\/09\/update-chrome-asap-a-new-zero-day-is-already-being-exploited' title='Zero-day puts a dent in Chrome's mojo'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel='nofollow' href='https:\/\/www.malwarebytes.com\/blog\/news\/2022\/09\/update-chrome-asap-a-new-zero-day-is-already-being-exploited'>Zero-day puts a dent in Chrome&#8217;s mojo<\/a> appeared first on <a rel='nofollow' href='https:\/\/www.malwarebytes.com'>Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[22783,32],"class_list":["post-20017","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-exploits-and-vulnerabilities","tag-news"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20017","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=20017"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20017\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=20017"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=20017"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=20017"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}