Google has released a security update for the Chrome browser on Windows, Mac and Linux to address a recently discovered zero-day vulnerability that is being actively exploited in cyberattacks. Users are advised to install this update as soon as possible.
Update for Google Chrome version 105.0.5195.102 resolves a major security issue (CVE-2022-307) related to insufficient data validation in Mojo, a set of runtime libraries used by Chromium that powers most Google Chrome code. browser.
Google says it has received reports of active exploitation of the security breach.
The security patch is expected to be released to users in the coming days and weeks. Users are prompted to apply the Chrome On-Demand Update.
Google has chosen to remain cautious about what it contains, preferring to “restrict access to details and links regarding vulnerabilities until most users receive a patch.”
The choice of Google is explained, in particular, by security considerations, since information about the vulnerability can be used by cybercriminals.
The Singapore Computer Emergency Response Team (SingCERT) advises users to “immediately install the latest security updates” and encourages them to “enable Chrome’s auto-update feature to keep their software up to date.”
reward for error
The vulnerability has been anonymously submitted to Google by an unknown cybersecurity researcher who will receive a bug bounty that has yet to be determined.
“We also want to thank all the security researchers who worked with us throughout the development cycle to prevent security vulnerabilities from entering the stable channel,” Google said in a post.
For all programs and applications, applying security updates as soon as they are released is one of the main defenses against cyberattacks for both individuals and organizations.