Adhoc update: Chrome Vulnerability is Being Actively Exploited

Further information is now available on the update for the Chrome browser published by Google a few days ago. These show that an emergency update is highly recommended as a vulnerability is being exploited extensively. Google recently released Chrome version 105.0.5195.102 out of order. This closes a single critical security hole on Windows, Mac, and Linux systems.

This is already the sixth zero-day vulnerability this year, i.e. a problem that malware developers have long since been actively abusing when it became known. The vulnerability arose because insufficient data validation was performed in the Mojo libraries.

This allowed information to be injected into the processing processes, which attackers could use to their advantage. A further aggravating factor here was that the data could also be foisted on other processes beyond the limits of the respective memory area.

Details Coming later

However, Google has not yet published any further details on the problem. It’s actually quite common that after a patch has been released, sample code for an exploit is also provided so that other developers can learn from the bug. However, Google wants to wait until enough users have downloaded and installed the Chrome update. But even then it could be that detailed information is withheld.

Because the actual mistake was not made by Google. The affected libraries come from the open source camp and are also used in other software products so there is also a risk of misuse. Incidentally, Google claims to have found out about the security gap from an external security researcher who wanted to remain anonymous.

Mark Goodman

Digital marketing enthusiast and industry professional in Digital technologies, Technology News, Mobile phones, software, gadgets with vast experience in the tech industry, I have a keen interest in technology, News breaking.