Google Chrome users on Windows, Mac and Linux should install the latest update to the browser to protect themselves from a serious security vulnerability that hackers are actively exploiting.
“Google is aware of reports that an exploit for CVE-2022-3075 is in the wild,” the company said in a Sept. 2 blog post. An anonymous tipster reported the issue on August 30, and Google says the update will roll out to all users in the coming days or weeks.
The company has yet to release much information on the nature of the bug. All we know so far is “insufficient data authentication” in Mojo, the collection of runtime libraries used by Chromium, Google Chrome’s built-in codebase.
“Access to bug details and links may be restricted until the majority of users are updated with fixes,” the company said. By keeping those details under wraps for now, Google makes it harder for hackers to figure out how to exploit the vulnerability before a new update makes it vulnerable to attacks.
Chrome users will need to restart the browser to activate the update. It updates Chrome for Windows, Mac and Linux to version 105.0.5195.102. To make sure you’re using the latest version, click the three dots icon in the top right corner of your browser. Navigating to “Help,” then “About Google Chrome,” will take you to a page that tells you if Chrome is up to date on your device.
This latest update comes just days after the release of Google Chrome version 105 on August 30. That update already comes with 24 security fixes. Apparently, that still wasn’t enough.
This is the sixth zero-day vulnerability that Chrome has encountered so far this year. The last actively exploited vulnerability was flagged in mid-August, Bleeping computer reported.