USERS URGED TO INSTALL UPDATE ‘IMMEDIATELY’

0
35

Google Chrome, one of the mostly used internet browsers in the world is used in all Windows, Linux, and Macs without any difference. It is indeed safe, easy and efficient. Nonetheless, the Google Chrome software discovered a severe Zero-day software vulnerability recently, which had allowed hackers to actively exploit to steal some data. “A zero-day, actually, is a computer-software vulnerability previously unknown to those stakeholders who should be interested in its mitigation, like the vendor of the target software. Until the vulnerability is mitigated, hackers can exploit it to adversely affect programs, data, additional computers or a network”

“Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild,” the company had announced about the vulnerability to public in a blog post that they had posted last week.

Much information about the nature of this bug has not been revealed yet, and all that is known till now is that it has something to do with “Insufficient data validation” in Mojo, a collection of runtime libraries used by Chromium, the codebase that Google Chrome’s built on.

Bug-Bounty

In fact, the bug had been revealed by a cyber-security researcher who has not revealed his identity yet. He will, most probably, receive a bug bounty. According to Zdnet, “Bug bounty is a program that focuses specifically on open-source software. Bug hunters can earn anywhere from US $100 to upwards of US $31,000 via the new Open Source Software Vulnerability Rewards Program (OSS VRP), depending on the severity of the vulnerability they find. Google’s new program encourages bug hunters to look for issues in up-to-date versions of open-source software (including repository settings) stored in the public repositories of Google-owned GitHub organisations (such as Google, GoogleAPIs and GoogleCloudPlatform). It also focuses on those projects’ third-party dependencies.”

Google has thanked the cyber-security researchers who contribute to maintain the security of their software in a public notice. “We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel”

A new update

The Google Chrome Company has declared that a new security update will be released soon in the coming days or the week to patch this bug. This update comes just days after the new version Google Chrome version which was released on 30 August.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” says the company to prevent any cyber-criminals fondly exploiting the vulnerability to steal the data of their users world-wide. The intention behind keeping back the information about this issue is also to protect other cyber-attackers manipulating the user data.

However, the Google urges the Chrome users to update their software as soon as possible to prevent any data loss. “Chrome users need to re-launch the browser to activate the update. This will update Chrome to version 105.0.5195.102 for Windows, Mac, and Linux. To make sure you’re using the latest version, click the icon with the three dots in the top right corner of your browser. Navigating to ‘Help,’ and then ‘About Google Chrome’ will lead you to a page that tells you whether Chrome is up to date on your device guides The Verge on updating the software.

By Induwara Athapattu