If mySize is computed at runtime, that computation should most likely be checking for overflow. If it is a constant, declare it constexpr and get a compile-time warning for the overflow.
In any case, it's the multiplication that has a bug, not malloc (though I agree that the usage you mention is unfortunately common).
Yes, it's the multiplication that has the bug, but malloc makes that error common, as you said. An API whose usage commonly has trivial security bugs is not a good API. new just wholesale avoids that common category of bugs, so why would you avoid it in favor of malloc? They do the same thing; one just does it safer.
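Added example, not part of the thread: the size computation discussed above, shown three ways for a runtime count. `Record`, `wrapping_count` and the three functions are hypothetical names chosen for the illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <limits>
#include <new>

struct Record { std::uint32_t id; std::uint32_t flags; std::uint64_t value; };
static_assert(sizeof(Record) == 16, "example assumes a 16-byte element");

// A count whose byte size does not fit in size_t (constructed sample input).
std::size_t wrapping_count() {
    return std::numeric_limits<std::size_t>::max() / sizeof(Record) + 2;
}

// The common malloc idiom: the product silently wraps modulo 2^N.
std::size_t unchecked_request(std::size_t count) {
    return count * sizeof(Record);
}

// malloc with the overflow check the caller has to remember to write.
Record* alloc_records_checked(std::size_t count) {
    if (count > std::numeric_limits<std::size_t>::max() / sizeof(Record))
        return nullptr;  // count * sizeof(Record) would overflow
    return static_cast<Record*>(std::malloc(count * sizeof(Record)));
}

// new[] performs the check itself: an unrepresentable size throws
// std::bad_array_new_length, which derives from std::bad_alloc.
Record* alloc_records_new(std::size_t count) {
    try {
        return new Record[count];
    } catch (const std::bad_alloc&) {
        return nullptr;
    }
}

int main() {
    std::size_t n = wrapping_count();
    std::printf("elements requested : %zu\n", n);
    std::printf("unchecked byte size: %zu\n", unchecked_request(n));
    std::printf("checked malloc     : %s\n",
                alloc_records_checked(n) ? "allocated" : "rejected");
    std::printf("new[]              : %s\n",
                alloc_records_new(n) ? "allocated" : "rejected");
    return 0;
}
```

With the unchecked idiom, malloc is asked for a single element's worth of bytes while the caller believes it holds `n` elements; the other two forms refuse the request.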