Chrome users
Google has recently released version 105.0.5195.102 of its Chrome browser for both Windows and Mac and Linux and, if you haven't, we recommend that you update your browser immediately.
This update, in fact, is considered emergency and is aimed at solving a zero-day vulnerability considered high risk and labeled as CVE-2022-3075. For more information on the patch, visit the official Google Chrome blog.
The update has already been distributed in the Stable Desktop channel and should soon reach the entire user base of the browser.
No technical details relating to the vulnerability have been disclosed, nor further information on related violations, all that is known is that the cause is to be found in insufficient data validation in Mojo, a collection of runtime libraries that they facilitate the passage of messages between arbitrary boundaries within processes and between one process and another. However, given the emergency intervention carried out by Google, we recommend that you check the version of Chrome you are using as soon as possible.| ); } To check and update your version of Google Chrome, click on the menu at the top right (the three dots), hover your mouse over Help at the bottom of the list and select About Chrome from the new menu that appears. At this point, you will be redirected to a new tab where you can see the version number of your browser and you will have the opportunity to update, provided it is not started automatically. At the end of the operation, click on the browser restart button that will appear once the download and installation phase is complete to allow Chrome to complete the update. If you were working on any tabs, we recommend that you save your work and close the tabs before proceeding.
Google Chrome zero-day flaw: Users urged to install update 'immediately'
Image: Getty/iStockphotoGoogle has released a security update for the Chrome browser on Windows, Mac and Linux to fix a newly discovered zero-day vulnerability that is being exploited actively by cyberattacks – and users are urged to apply the update as soon as possible.
The release, which updates Google Chrome to version 105.0.5195.102, fixes what's described as a high-severity security issue (CVE-2022-307) relating to insufficient data validation in Mojo, a collection of runtime libraries used in Chromium, which powers much of the code behind the Google Chrome browser.
Google said it's 'aware of reports that an exploit for CVE-2022-3075 exists in the wild'.
SEE: These are the cybersecurity threats of tomorrow that you should be thinking about today
The security patch is set to be rolled out to users over the coming days and weeks. Users are urged to apply the update when Chrome asks them.
Google hasn't provided exact details of what the security update relates to, noting 'access to bug details and links may be kept restricted until a majority of users are updated with a fix'.
It's likely that information about the vulnerability is being withheld for now to prevent cyber criminals from taking advantage of it before most Google Chrome users have had an opportunity to apply the update.
The Singapore Computer Emergency Response Team (SingCERT) advises users to 'install the latest security updates immediately' – and that 'users are also encouraged to enable the automatic update function in Chrome to ensure that their software is updated promptly.'
The vulnerability was submitted anonymously to Google by an unnamed cybersecurity researcher who will receive a bug bounty that is yet to be decided.
'We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel,' said Google.
For any software and applications, applying security updates in a timely manner is one of the key things that individuals and organisations can do to help protect themselves and their businesses against cyberattacks.
MORE ON CYBERSECURITY