Blog

Google Chrome users on Windows, Mac, and Linux need to install the latest update to the browser to protect themselves from a serious security vulnerability that hackers are actively exploiting.

“Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild,” the company said in a September 2nd blog post.

An anonymous tipster reported the problem on August 30th, and Google says it expects the update to roll out to all users in the coming days or weeks.

The company hasn’t released much information yet on the nature of the bug. What we know so far is that it has to do with “Insufficient data validation” in Mojo, a collection of runtime libraries used by Chromium, the codebase that Google Chrome’s built on.

Google said, “Access to bug details and links may be kept restricted until a majority of users are updated with a fix.” By keeping those details under wraps for now, Google makes it harder for hackers to figure out how to exploit the vulnerability before the new update closes the opportunity for attacks.

Chrome users need to relaunch the browser to activate the update. This will update Chrome to version 105.0.5195.102 for Windows, Mac, and Linux. 

To make sure you’re using the latest version, click the icon with the three dots in the top right corner of your browser, it might already be red and say “Update,” then click on “Relaunch To Update Chrome.”

You can also click the icon with the three dots in the top right corner of your browser > navigate to “Help,” > “About Google Chrome” and that will lead you to the page that tells you if Chrome is up to date on your device.

This latest update comes just days after Google released Chrome version 105 on August 30th. That update already came with 24 security fixes. Apparently, that still wasn’t enough.

This is the sixth zero-day vulnerability Chrome has faced so far this year. The last vulnerability that was actively exploited was just flagged in mid-August, BleepingComputer reported.