Google has released an update for Chrome that fixes a high-severity flaw in the browser that has been exploited in the wild. This is the sixth actively exploited zero day found in Chrome this year.
The vulnerability (CVE-2022-3075) is in the Mojo system API in Chromium and is the result of insufficient data validation. Google did not release many details on the bug or what the consequences of successful exploitation would be, but it’s fair to assume that the vulnerability is a dangerous one, given that Google released a new version of Chrome just to fix it.
Google released this update on Sept. 2, three days after it pushed out a major Chrome update that fixed more than 20 vulnerabilities.
Microsoft also released an update for Edge, which is based on Chromium, to fix this vulnerability.
“This update contains a fix for CVE-2022-3075, which has been reported by the Chromium team as having an exploit in the wild,” Microsoft’s advisory says.
This is the second zero day exploited in the wild that Google has fixed in Chrome in the last three weeks. On Aug. 16, the company patched an insufficient validation bug in the intents component of Chrome that had been used by attackers.