Google and Microsoft released the latest versions of Chrome and Edge, respectively, last week to patch a high-risk vulnerability in the browser that was already exploited.
Google said that the Chrome stable channel for the three main platforms of Windows, macOS and Linux has been updated to version 105.0.5195.102, which will be deployed to the client in the next few days or weeks, and calls on users to install it as soon as possible.
Google explained that the new version fixes the high-risk vulnerability numbered CVE-2022-3075, due to insufficient data verification of Mojo. Mojo is a runtime library for inter-process or intra-process module communication (IPC) in Chromium. The new vulnerability was reported by external researchers at the end of August. Google did not explain much details, but only said that it knew that a mining program for CVE-2022-3075 had appeared on the Internet.
The vulnerability also affects the Chromium-based Edge browser. To this end, Microsoft also released the latest version of Edge, version 105.0.1343.27. In fact, Singapore’s cybersecurity authority has warned that Chromium-based browsers including Brave, Opera and Vivaldi have all been updated to the latest versions.
Google also patched the Mojo component’s sandbox escape vulnerability in April 2020, allowing attackers to execute malicious code on Chrome users’ computers. This is also the sixth zero-day vulnerability patched by Chrome this year. Other vulnerabilities were patched in security updates in February, March, April, July, and August.
Google was only revealed last week by security firm Lapcat Software that a bug in Chrome version 104 could allow malicious websites to overwrite the contents of the system’s clipboard without the user’s consent. However, this vulnerability has not been confirmed by Google.