Google has published a security advisory against a new, critical 0-day vulnerability in the Google Chrome browser. The vulnerability, tracked as CVE-2022-3075, is a high-severity vulnerability that is caused by insufficient data validation in Mojo. This vulnerability can be exploited by attackers to bypass security restrictions. All Chrome users need to fix this vulnerability before they face any consequences. Due to the need to fix the issue, we will highlight how to Fix CVE-2022-3075- A New 0-day in Google Chrome Browser.
A Short Note About Mojo
Mojo is defined as “a collection of runtime libraries that provide a platform-agnostic abstraction of common IPC primitives, a message IDL format, and bindings library with code generation for multiple target languages to facilitate convenient message passing across arbitrary inter- and intra-process boundaries.“
To run high-level support libraries, including the System APIs or Binding APIs, you must initialize Mojo Core first. Some platforms also enable applications to depend on a dynamically linked Mojo Core library. To benefit from this, the library’s binary should be present in one of the following.
- The working directory of the application
- A directory named by the MOJO_CORE_LIBRARY_PATH environment variable
- A directory named at the run time explicitly by the application.
Summary of CVE-2022-3075
The CVE-2022-3075 is one of the high-severity vulnerabilities that can persuade victims to visit a specially crafted website. By doing so, an attacker can exploit this vulnerability and bypass security. As of now, not many details have been revealed about the CVE-2022-3075 by Google. It will reveal the root cause of the vulnerability and its implications in the coming weeks.
Until then, we only know that the vulnerability is related to an insufficient data validation issue in Mojo, as reported by Google Advisory. Let’s see how to fix CVE-2022-3075 – a New 0-day in Google Chrome Browser in the coming sessions.
How to Fix CVE-2022-3075- A New 0-day in Google Chrome Browser?
Google has responded to this flaw by releasing an updated version of the Google Chrome Browser. Google recommends Chrome users update their vulnerable versions to the fixed Chrome version to avoid any consequences.
The updated version released by Google is Chrome 105.0.5195.102. Chrome users are advised to install the security update immediately on whatever OS they use, including Windows, Mac, and Linux.
More technical details about the attacks that can occur by exploiting this vulnerability are to be released by Google in the coming weeks. Until then, users must install the Chrome update to prevent threat actors from exploiting the flaw.
How to Upgrade Chrome Browser
Chrome browser normally runs updates in the background when you close and then reopen your browser. However, if you haven’t done this in a while, a pending update might be available in a colored icon.
Different colors show how long it’s been since the update was released. The green color means an update was released less than two days ago. The orange color shows the release of the update almost four days ago, and the red color means it has been at least a week. Follow the steps to update your Chrome browser to its latest version.
- Open Chrome browser on your computer.
- At the top right corner of your browser, click More. A drop-down menu will appear.
- In the drop-down menu, click HELP and go to About Google Chrome.
- Click on Update Google Chrome.
Note: If you can’t find the update button, it means you’re on the latest version of the Chrome browser.
- Click Relaunch.
Your browser will be updated to the latest version which has fixed the issue. If you have deployed the offline installation package, you can manually download the updated version to upgrade your browser. We hope this post helped you how to fix CVE-2022-3075- A New 0-day in Google Chrome Browser.
Please share this post if you find this interested. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram, and subscribe to receive updates like this.