Google has released a security update for the Chrome browser on Windows, Mac and Linux to fix a newly discovered zero-day vulnerability that is being exploited actively by cyberattacks – and users are urged to apply the update as soon as possible.
The release, which updates Google Chrome to version 105.0.5195.102, fixes what’s described as a high-severity security issue (CVE-2022-307) relating to insufficient data validation in Mojo, a collection of runtime libraries used in Chromium, which powers much of the code behind the Google Chrome browser.
Google said it’s “aware of reports that an exploit for CVE-2022-3075 exists in the wild”.
The security patch is set to be rolled out to users over the coming days and weeks. Users are urged to apply the update when Chrome asks them.
Google hasn’t provided exact details of what the security update relates to, noting “access to bug details and links may be kept restricted until a majority of users are updated with a fix”.
It’s likely that information about the vulnerability is being withheld for now to prevent cyber criminals from taking advantage of it before most Google Chrome users have had an opportunity to apply the update.
The Singapore Computer Emergency Response Team (SingCERT) advises users to “install the latest security updates immediately” – and that “users are also encouraged to enable the automatic update function in Chrome to ensure that their software is updated promptly.”
The vulnerability was submitted anonymously to Google by an unnamed cybersecurity researcher who will receive a bug bounty that is yet to be decided.
“We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel,” said Google.
For any software and applications, applying security updates in a timely manner is one of the key things that individuals and organisations can do to help protect themselves and their businesses against cyberattacks.