Google Chrome users on Windows, Mac, and Linux need to install the latest update to the browser to protect themselves from a serious security vulnerability that hackers are actively exploiting.
“Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild,” the company said in a September 2nd blog post. An anonymous tipster reported the problem on August 30th, and Google says it expects the update to roll out to all users in the coming days or weeks.
The company hasn’t released much information yet on the nature of the bug. What we know so far is that it has to do with “Insufficient data validation” in Mojo, a collection of runtime libraries used by Chromium, the codebase that Google Chrome’s built on.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” the company said. By keeping those details under wraps for now, Google makes it harder for hackers to figure out how to exploit the vulnerability before the new update closes the opportunity for attacks.
Chrome users need to relaunch the browser to activate the update. This will update Chrome to version 105.0.5195.102 for Windows, Mac, and Linux. To make sure you’re using the latest version, click the icon with the three dots in the top right corner of your browser. Navigating to “Help,” and then “About Google Chrome” will lead you to a page that tells you whether Chrome is up to date on your device.
This latest update comes just days after Google released Chrome version 105 on August 30th. That update already came with 24 security fixes. Apparently, that still wasn’t enough.
This is the sixth zero-day vulnerability Chrome has faced so far this year. The last vulnerability that was actively exploited was just flagged in mid-August, BleepingComputer reported.