Google Warns Actively Exploited Zero-Day Flaw Is Affecting Chrome's Mojo, Patch ASAP
It's been several days since Google began rolling out an important security update for its Chrome browser, but even so, there's no guarantee that it's been applied on your system yet. Given the acknowledgement that the patched flaw is one that is actively being exploited in the wild, you'd be well served to manually update Chrome on your PC(s) right away—and while you're at it, delete these Chrome extensions too.
Unfortunately, there's not a whole lot of information about the zero-day exploit at issue. All we know is that it's tracked as CVE-2022-3075. It has a "High" severity rating and is described as an "insufficient data validation in Mojo" exploit. Critically, however, Google plainly states it is "aware of reports that an exploit for CVE-2022-3075 exists in the wild."
There are billions (plural) of Chrome users. Anyone who has not yet updated to the latest stable build at the time of this writing (version 105.0.5195.102 on Windows, Mac, and Linux) is potentially vulnerable to whatever this zero-day entails.
The reason Google isn't providing more clarity at the moment is because it typically keeps bug details under lock and key "until a majority of users are updated with a fix." This would indicate that most Chrome users are not yet updated, four days after a patch was made available.
For anyone wondering, Mojo is a collection of runtime libraries that provide a small suite of low-level IPC primitives (message pipes, data pipes, and shared buffers). The patch for the actively exploited zero day leveraging a flaw in Mojo arrives just days after Google pushed out Chrome version 105, which itself contained a couple dozen unrelated bug fixes.
To facilitate a manual update, click on the three vertical dots in the upper-right corner of Chrome and navigate to Help > About Google Chrome. The browser will then check for and fetch the latest update. It prompt you to relaunch the browser to complete its installation if an update is available.
While you're at it, you should update your Microsoft Edge browser as well. Edge is based on Chromium, the same engine that powers Chrome, and Microsoft has likewise pushed out a security update that brings the stable build to version 105.0.1343.27.
To apply the update in Edge, click on the three horizontal dots in the upper-right corner, then go to Help and feedback > About Microsoft Edge.
