![]() The emergence of the exploit is the sixth zero-day vulnerability Chrome has succumbed to this year. Microsoft’s Edge browser, which is built on the same Chromium engine as Chrome, has also been updated to fix the same flaw. ![]() The advisory didn’t provide additional details, such as whether attackers are actively exploiting the vulnerability or are simply in possession of exploit code. “Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild,” the company said. ![]() The vulnerability, which is tracked as CVE-2022-3075, was reported to Google last Tuesday by an anonymous party. The vulnerability, which Google disclosed on Friday, is the result of “insufficient data validation in Mojo,” a Chrome component for messaging across inter- and intra-process boundaries that exist between the browser and the operating system it runs on. One of these security teams operated under Google and eventually led to the creation of Project Zero.Google engineers have issued an emergency update for the Chrome browser to fix a high-severity vulnerability that can be exploited with code that’s already available in the wild. “Heartbleed” is one such zero-day exploit, which was privately reported by two separate security teams to OpenSSL. The team’s primary mission is to discover zero-day vulnerabilities – that is, vulnerabilities that are unknown (or unaddressed by) the party that should be interested in its mitigation. Project Zero is a security division employed by Google, which was founded in 2014. It was discovered by Clément Lecigne from Google TAG, with assistance from Sergei Glazunov and Mark Brand from Google Project Zero. The zero-day security flaw fixed today was reported the day the first Google Chrome 94 stable release was published, on September 21. Portals are a feature that the company began testing in 2019, and are used for embedding and seamless transitions between pages. ![]() This can lead to unexpected behavior and can lead to exploitation of the browser in ideal conditions for an attacker. In a security advisory issued by the company (via BleepingComputer), it said that "Google is aware that an exploit for CVE-2021-37973 exists in the wild." Google says that this is a " use after free" attack in Portals, which means that a bug in Portals allows memory that has been freed to still be referenced. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |