New high-risk vulnerability in Chrome browser discovered

Recently, Google officially released a risk notice for the Chrome browser, announcing a new high-risk vulnerability, which is numbered CVE-2022-3075 and has a vulnerability score of 7.4.

Similar to the previous high-risk vulnerability situation, in order to avoid further expansion of the scope of impact, Google has not released the plot information of the vulnerability, only that the vulnerability is related to the "insufficient data verification" of Mojo, a collection of Chromium framework runtime libraries.

It is reported that Mojo is a collection of runtime libraries that provide platform-independent abstractions of common IPC primitives, message IDL formats, and binding libraries that can generate code for a variety of target languages ​​to facilitate cross arbitrary inter-process and intra-process boundaries. Convenient messaging.

Therefore, an attacker could exploit this vulnerability by inducing users to visit malicious links in various ways. A remote attacker who successfully exploited this vulnerability could bypass security restrictions and execute arbitrary code on the server.

In short, this vulnerability has high utilization value for attackers, and has a large scope of influence, which may affect the information security of users.

In the latest version 105.0.5195.102 of the Chrome browser, Google has fixed the vulnerability. In order to ensure information security, it is best to update this version as soon as possible.

It should be noted that browsers such as Edge that use the Chromium kernel are also affected by this vulnerability, and users should upgrade to the new version as soon as possible.