Resources September 7, 2022

Zero-Day Vulnerability Discovered: Google Chrome’s Sixth Zero-Day Exploit This Year

Google Chrome vulnerability

Google has released a security update for the Chrome browser on Windows, Mac, and Linux to fix a newly discovered zero-day vulnerability that is being exploited actively by cyberattacks – and users are urged to apply the update as soon as possible.

What You Need To Know

CVE-2022-307 is the designation given to the newest round of Chrome Zero-Day exploits – insufficient data validation in Mojo.

Mojo is a collection of run-time libraries used to power Google Chrome. Generally presented in the application’s working directory, Mojo is required when running high-level support libraries within Google Chromium. This includes System APIs and/or Binding APIs.

While the extent of this exploit is not currently known, as it has not been released by Google yet, we have previous exploits carrying the same description to keep us out of the dark. The vulnerability tagged CVE-2021-4098 was also ‘Insufficient data validation in Mojo in Google Chrome’ prior to 96.0.4664.110.

If this vulnerability is left unpatched, it opens the host to a remote sandbox escape tactic, typically crafted from a fake website that the host believes to be legitimate. Specifically attacking the renderer process, a fake HTML page is generated by the attacker and lures the host in.

Google has not provided exact details of the security update, noting, “Access to bug details and links may be restricted until a majority of users are updated with a fix.” Information about the vulnerability is likely being withheld for now to prevent cyber criminals from taking advantage of it before most Google Chrome users have had an opportunity to apply the update.

Continuous Monitoring

Adlumin recommends using a Continuous Vulnerability Management (CVM) product to collect the needed data from endpoints to determine if they are running vulnerable versions of Microsoft Windows and Office. CVM software can also be used to identify those assets which have or do not have the official Microsoft mitigation in place. Adlumin also recommends leveraging the business’s SIEM product to continually search and alert for suspicious executions which may be a result of the exploitation of the vulnerability.