Google has rolled out an emergency security update for its Chrome web browser to address a critical vulnerability, which is being actively exploited by hackers.
Tracked as CVE-2022-3075, the bug stems from insufficient validation of user-supplied input within the Mojo component in Google Chrome and could be used by a remote attacker to execute arbitrary code on the system by tricking the victim into visiting a malicious website.
The vendor noted in its security advisory that CVE-2022-3075 was exploited in real-world attacks, but did not provide technical details regarding the hacks. As Google explained, it will share more info about the incidents when “a majority of users are updated with a fix.”
With this release Google addressed sixth zero-day flaw since the start of 2022. The rest five zero-days fixed this year include CVE-2022-2856 (August 17), CVE-2022-2294 (July 4), CVE-2022-1364 (April 14), CVE-2022-1096 (March 25), CVE-2022-0609 (February 14).