Google is working on an update for a critical Chrome vulnerability that is being actively exploited by hackers.
Google confirms in a blog post that the vulnerability is present in Chrome for Windows, Mac and Linux. The tech giant is working on a solution. Google expects to roll out the patch in the coming weeks.
An anonymous cybersecurity researcher reported the vulnerability to Google on August 30. The Common Vulnerability Scoring System ranks the threat as very serious, the second highest risk category. The vulnerability was registered as CVE-2022-3075.
Mojo runtime libraries
Chrome is based on Chromium, an open-source browser backend from Google. The vulnerability is present in Mojo, a set of runtime libraries for Chromium. Developers use runtime libraries to integrate functions into applications without having to build the functions from scratch.
Each Chrome tab runs in a separate process. Mojo is responsible for data transport between Chrome processes.
According to Google, the vulnerability is due to a lack of data validation in Mojo. Data validation prevents hackers from entering malicious data into applications. Without data validation, apps are vulnerable to cyber attacks.