1. Summary
Vulnerability Name | Google Chromium Insufficient Data Validation Vulnerability (CVE-2022-3075) |
---|---|
Component Name | Mojo |
Affected Versions | Google Chrome < 105.0.5195.102 |
Vulnerability Type | Improper Input Validation |
Severity | CVSS v3 Base Score 9.8 (Critical) |
Exploitability | Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: Required |
Impact | Confidentiality Impact: High; Integrity Impact: High; Availability Impact: High |
2. About CVE-2022-3075
2.1 Introduction
Mojo is Chrome's new interprocess communication (IPC) system and provides lots of useful abstractions. These abstractions can make it easier to write code that makes interprocess calls, but can also add significant complexity.
2.2 Summary
Insufficient data validation in Mojo in Google Chrome allows a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2022-3075 was added to CISA’s Known Exploited Vulnerabilities Catalog on September 8, 2022.
3. Affected Versions
Google Chrome < 105.0.5195.102
4. Solutions
4.1 Remediation Solutions
4.1.1 Google Solution
Update Google Chrome to the latest version to fix this vulnerability. To update Google Chrome:
- On your computer, open Chrome
- At the top right, click More ⋮
- Click Help and then About Google Chrome
- Click Update Google Chrome
  - Important: If you can't find this button, you're on the latest version
- Click Relaunch
5. Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-3075
6. Learn More
Sangfor FarSight Labs researches the latest cyberthreats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyberthreats, providing fast and easy protection for customers.