Google engineers have released an urgent update to the Chrome browser to fix a critical security vulnerability that can be exploited with existing code.
Google revealed the security hole on Friday. The vulnerability, tracked as CVE-2022-3075, was reported to Google by an anonymous party last Tuesday.
“Google is aware of reports that the CVE-2022-3075 exploit exists in the wild,” the company said. The advisory did not provide further details, such as whether attackers are actively exploiting the vulnerability or simply in possession of the exploit code.
Microsoft’s Edge browser, built on the same Chromium engine as Chrome, has also been updated to fix the same vulnerability.
The exploit marks the sixth zero-day that Chrome has dealt with this year. The previous zero-days are:
- CVE-2022-0609: a use-after-free vulnerability, patched in February
- CVE-2022-1096: a “Type Confusion in V8” vulnerability, patched in March
- CVE-2022-2294: a vulnerability in Real-Time Communication on the Web, patched in July
- CVE-2022-2856: an insufficient input validation vulnerability, patched in August
The latest security vulnerability has been resolved with the release of Chrome version 105.0.5195.102, available for Windows, Mac and Linux. Google’s advisory doesn’t mention Chrome for iOS or Android. Like most modern browsers, Chrome automatically installs patches by default, so it’s likely that most devices that use Chrome have already received the update. Users can check by going to Chrome > Settings > About Chrome.