CVE-2022-3075 - Google Chromium Mojo Insufficient Data Validation Vulnerability

Vulnerability Name

Google Chromium Mojo Insufficient Data Validation Vulnerability

Description

Google Chromium Mojo contains an insufficient data validation vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3075

https://nvd.nist.gov/vuln/detail/CVE-2022-3075