Voyager18 (research)

CVE-2022-3075: how to fix the zero-day vulnerability in Chrome

Everything you need to know about CVE-2022-3075. What it is, whether or not you're affected - and how to fix it.

Yair Divinsky | September 07, 2022

Google has released an urgent patch for CVE-2022-3075, a new zero-day vulnerability in the Chrome web browser – which it says is being actively exploited in the wild.

Here’s everything you need to know:

What is CVE-2022-3075?

This issue concerns a case of insufficient data validation in Mojo – a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC). By persuading a victim to visit a specially crafted website, an attacker could exploit this vulnerability to bypass security restrictions.

You can read what Google has to say about this vulnerability here.

Does it affect me?

If your installed Google Chrome version is older than 105.0.5195.102, or your Microsoft Edge version is older than 105.0.1343.27, you are vulnerable.

It is still unclear whether iOS and Android users are vulnerable too, so to be safe we recommend that you stay updated, and keep an eye out for any new security patches.
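As an added example (not code from Google or from the original article), the following Python applies the two version thresholds above to a browser inventory, comparing versions numerically per component rather than as strings. The host names and version strings are constructed sample data, and products for which this page gives no fixed version are reported as unknown.

```python
import re

# Fixed versions as stated in this article.
FIXED = {
    "chrome": (105, 0, 5195, 102),
    "edge": (105, 0, 1343, 27),
}

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def status(product, version_text):
    """Classify one install as 'vulnerable', 'patched' or 'unknown'."""
    fixed = FIXED.get(product.lower())
    found = parse_version(version_text)
    if fixed is None or found is None:
        # No fixed version on this page for the product, or no version found.
        return "unknown"
    # Tuple comparison is numeric per component, so 5195.99 sorts below
    # 5195.102 (a plain string comparison would get this wrong).
    return "vulnerable" if found < fixed else "patched"


def audit(inventory):
    """Map (host, product, version_text) rows to (host, product, status)."""
    return [(host, product, status(product, text))
            for host, product, text in inventory]


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("ws-001", "chrome", "Google Chrome 105.0.5195.102"),
    ("ws-002", "chrome", "Google Chrome 105.0.5195.99"),
    ("ws-003", "edge", "Microsoft Edge 104.0.1293.70"),
    ("ws-004", "edge", "Microsoft Edge 105.0.1343.27"),
    ("ws-005", "brave", "Brave Browser 104.1.42.97"),
    ("ws-006", "chrome", "not installed"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print(*row)
```

Treat an "unknown" result as a prompt to check that vendor's own release notes, not as a clean bill of health.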

Has CVE-2022-3075 been actively exploited in the wild?

Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild. Technical details about the vulnerability won’t be released until a certain number of Chrome users have already applied the patch.

Fixing CVE-2022-3075

To mitigate the threat posed by CVE-2022-3075, users are advised to upgrade any Chromium-based browsers on Windows, macOS, and Linux. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to watch for the newest security patch releases and apply the fixes as soon as they become available.

Next steps

Each new vulnerability is a reminder of where we stand, and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors:

  1. The most common CVEs (and how to fix them)
  2. How to fix CVE-2022-32893 and CVE-2022-32894 in Apple
  3. Mapping CVEs to the MITRE ATT&CK Framework
  4. The Vulcan Cyber community Slack channel
  5. Vulcan Remedy Cloud

And finally…

Don’t get found out by new vulnerabilities. Vulcan Cyber gives you full visibility and oversight of your threat environment and lets you prioritize, remediate and communicate your cyber risk across your entire organization. Get a demo today.
