
Google is deploying a Chrome update to address a critical vulnerability actively exploited by hackers.

According to a blog post published by Google on Friday, the flaw was discovered in Chrome for Windows, Mac and Linux. Google’s experts are working on a fix, which will be released in the coming weeks.

An unidentified cybersecurity researcher reported the vulnerability to Google on August 30. The Common Vulnerability Scoring System, an industry-standard methodology for quantifying cybersecurity risk, ranks the threat as high severity, the second-highest risk category. The vulnerability was registered as CVE-2022-3075.

Affected runtime libraries

Chrome is based on Chromium, an open-source browser created by Google. The flaw affects Mojo, a set of runtime libraries bundled with Chromium. A runtime library is a piece of software that another application — in this case, Chrome — relies on to function.

To improve Chrome’s dependability, Google designed the browser to run each tab opened by the user in its own process. Mojo, the component in which the newly reported vulnerability was found, is used to transport data across Chrome processes.

Cause

According to Google, the newly reported vulnerability is the consequence of “insufficient data validation” in Mojo. Data validation is a means of preventing hackers from entering harmful information into an application. Apps that don’t sufficiently validate data can be vulnerable to cyberattacks.

The security issue is the latest in a long line of Chrome flaws that Google has patched since the start of the year. In April, the organization released a patch for another critical vulnerability affecting the browser’s V8 JavaScript engine. The engine is in charge of processing JavaScript code.