Examples of such solutions include Microsoft Endpoint Manager (Configuration Manager, Microsoft Intune) and Kaseya VSA with Software Management. If your organization maintains a centralized software patch management platform that can handle upgrading third-party applications, they can be used to deploy the latest Google Chrome version to address the vulnerability. While Google Chrome can be manually updated, the level of effort required and lack of feedback and logging may not make this the preferred option for most organizations.
Recommended Actionīecause of Google’s admission that an exploit already exists for this vulnerability and the release of an update to resolve it, it is strongly recommended that all organizations which can update to the latest Chrome version. This is the second zero-day Chrome vulnerability with exploits in the wild in 2022 with the first being CVE-2022-0609 (also resolved via update in February). This vulnerability is in Chrome’s JavaScript engine and was submitted by an anonymous source. Google describes this as a high severity vulnerability which is considered a type confusion weakness. 84 to address this vulnerability which is available on the Stable Desktop channel. Simultaneously, Google has released Chrome version.
Google has not released any details on the method of exploit, or other specifics of the exploit. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.On March 25 th, 2022 Google published a security advisory referencing CVE-2022-1096 indicating that it is “aware that an exploit for CVE-2022-1096 exists in the wild.”
Users are recommended to upgrade to version 1.102 for Windows, macOS, and Linux to mitigate potential threats. An anonymous tipster reported the problem on August 30th, and Google says it expects the update to roll out to all users in the coming days or weeks. "Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild," the company said in a September 2nd blog post. The zero-day bug fixed today (CVE-2022-3075) is a high severity vulnerability caused by insufficient data validation in Mojo, a collection of runtime libraries that facilitates message passing across arbitrary inter- and intra-process boundaries. Google has released a security update for the Chrome browser on Windows, Mac and Linux to fix a newly discovered zero-day vulnerability that is being exploited actively by cyberattacks.
0 kommentar(er)
