Google released an update for its Chrome browser on September 2 — and it contains a fix for an exploit actively being used against Mac and Windows users.
Chrome update 105.0.5195.102 fixes a high-risk security flaw that patches a dangerous zero-day bug. This is the sixth zero-day exploit that the company patched thus far in 2022.
Reported anonymously, CVE-2022-3075 is a vulnerability caused by insufficient data validation in Mojo. Mojo is a collection of runtime libraries that facilitates message passing across arbitrary inter- and intra-process boundaries.
Google's web page doesn't give details of the exploit, as expected with a zero-day patch. The company says there are reports that the flaw has been exploited by attackers in the wild.
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," the company said. "We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed."
Mac users can update the Google Chrome browser automatically by pressing Command-Q to quit the browser, then reopening the app. If the browser hasn't been closed in a while, a button will appear in the upper-right corner of the app that says Update. The color of the icon changes depending on the status of the update.
- Green: The pending update was released less than 2 days ago.
- Yellow: The pending update was released about 4 days ago.
- Red: The pending update was released at least a week ago.
Going into the Chrome menu, selecting Help and then About Google Chrome will display the update status of the browser.