Google has released a security update for the Chrome browser on Windows, Mac, and Linux to address a recently discovered zero-day vulnerability that is being actively exploited in cyberattacks. Users are advised to apply this update as soon as possible.
The update to Google Chrome version 105.0.5195.102 fixes a high-severity security issue (CVE-2022-307) related to insufficient data validation in Mojo, a collection of runtime libraries used in Chromium, which powers much of the code behind the Google Chrome browser.
Google says it has received reports that the security flaw was being actively exploited.
Careful communication
The security patch is expected to roll out to users in the coming days and weeks. Users are prompted to apply the update when prompted by Chrome.
Google has preferred to remain discreet about what it contains, preferring to “restrict access to details and links relating to vulnerabilities until the majority of users have received the patch”.
Google’s choice is explained in particular by security reasons, the information relating to the vulnerability being able to be exploited by cybercriminals.
The Singapore Computer Emergency Response Team (SingCERT) advises users to “install the latest security updates immediately” and encourages them to “enable the auto-update feature in Chrome to ensure their software is up to date.” day quicklyā€¯.
bug bounty
The vulnerability was submitted anonymously to Google by an unidentified cybersecurity researcher who will receive a bug bounty, the amount of which is yet to be determined.
“We also want to thank all the security researchers who worked with us during the development cycle to prevent security vulnerabilities from reaching the stable channel,” Google said.
For all software and applications, applying security updates as soon as they are available is one of the main measures to protect against cyberattacks, for individuals and organizations alike.
Source: ZDNet.com