Google Releases An Update To Patch Yet Another Vulnerability In Chrome

Chrome for Windows, Mac, and Linux has received a security update from Google to address a recently identified zero-day vulnerability that cyber attackers are actively exploiting.

To clarify, a zero-day vulnerability is a known flaw in a system or device that has not yet been fixed. Chrome 105.0.5195.102, “address[ing] a single high-severity security hole CVE-2022-307,” was released recently for Windows, Mac, and Linux users.

Recently, a security flaw was discovered in Mojo, a set of runtime libraries used in Chromium, the browser engine underlying Google Chrome. CVE is a program that tries to identify, describe, and catalog publicly revealed cybersecurity vulnerabilities.

According to Google’s analysts, this is the sixth time they’ve strongly recommended that people upgrade immediately. Users should expect the latest security patch in the following days and weeks. When Chrome prompts users to update, they should do so.

According to Google’s announcement, an unnamed security researcher discovered the flaw and reported it to the company.

“Access to problem details and links may be maintained restricted until a majority of users are updated with a repair,” Google stated, adding that it will “retain limitations if the bug exists in a third party library that other projects also depend on, but haven’t yet rectified.”

Google has expressed gratitude to the “security researchers that worked with us over the development cycle to ensure no security vulnerabilities made it into the stable channel.”

Meanwhile, Apple released iOS patches earlier this month to address an actively exploited zero-day security issue. Attackers may have been able to utilize the flaw in Apple’s browser engine WebKit, which is used in Safari and all iOS web browsers, to craft malicious Web content that executes code on a user’s device remotely (known as “remote code execution,” or “RCE.”

According to the company’s announcement, the update is compatible with the iPhone 5S, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch 6th generation.

Apple has recognized that the defect (CVE-2022-32893) is being actively exploited and has urged users of impacted devices to update quickly, describing the vulnerability as an out-of-bounds write issue in WebKit.