Analysis
On 30th August 2022, an anonymous user reported a zero-day vulnerability that is being actively exploited in the wild. The vulnerability was identified in Chrome and Chromium-based browsers such as Microsoft Edge.
The vulnerability is in Mojo, a collection of runtime libraries providing a platform-agnostic abstraction of common IPC primitives. It is an insufficient data validation flaw: input is passed on without proper validation. It was also reported that a successful attacker can take advantage of this vulnerability by sending customized links as part of exploitation. The vulnerability is tracked as CVE-2022-3075 in the Common Vulnerabilities and Exposures (CVE) database, with a severity of “High” and a score of 8.8 under CVSS v3 (Common Vulnerability Scoring System).
On 2nd September, Chrome published a blog post with a patch and details of the vulnerabilities; the bug details are kept restricted until the majority of users have applied the fix.
CVSS v3: 8.8 (High)
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Prevention
- Update Google Chrome to version 105.0.5195.102 or later.
- Update Microsoft Chromium Edge to 105.0.1343.27 or later.
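An added example (not part of the original advisory): a fleet check that classifies browser installs against the two fixed builds listed above. The `host,product,version` inventory format, the host names and the sample versions are constructed for illustration.

```python
import re

# Fixed builds exactly as stated in the Prevention list on this page.
FIXED = {
    "Google Chrome": (105, 0, 5195, 102),
    "Microsoft Edge": (105, 0, 1343, 27),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def classify(product, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one browser install."""
    fixed = FIXED.get(product)
    match = VERSION_RE.search(version_text or "")
    if fixed is None or match is None:
        return "unknown"  # product not covered by the page, or version unparseable
    installed = tuple(int(part) for part in match.groups())
    # Compare field by field as integers: a plain string comparison would
    # wrongly rank "105.0.5195.52" above "105.0.5195.102".
    return "patched" if installed >= fixed else "vulnerable"


def audit(inventory_lines):
    """Turn 'host,product,version' lines into (host, product, status) tuples."""
    results = []
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [field.strip() for field in line.split(",", 2)]
        if len(fields) != 3:
            results.append((line, "", "unknown"))  # malformed row: needs manual review
            continue
        host, product, version = fields
        results.append((host, product, classify(product, version)))
    return results


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = [
    "ws-01,Google Chrome,105.0.5195.52",
    "ws-02,Google Chrome,105.0.5195.102",
    "ws-03,Microsoft Edge,105.0.1343.25",
    "ws-04,Microsoft Edge,106.0.1370.34",
    "ws-05,Google Chrome,not installed",
]

if __name__ == "__main__":
    for host, product, status in audit(SAMPLE):
        print(f"{host:8} {product:16} {status}")
```

Rows that come back as `unknown` should be treated as unverified rather than safe.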
References
Chrome Releases
Tenable