Update Chrome immediately -- Google releases emergency patch for serious security issue
Whether you are running Windows, macOS or a Linux distro, if you're a Chrome user there is an extremely important update to install right now.
Google has released Chrome 105.0.5195.102 for all three platforms to address the vulnerability which is tracked as CVE-2022-3075. The security flaw, which relates to data validation in the Mojo runtime libraries, is known to have been exploited in the wild, so users are advised to actively seek out the update rather than waiting for Google to roll it out to everyone.
The patch for the zero-day vulnerability is the sixth to be released by Google for Chrome so far this year. The company has not, for fairly obvious reasons, published a great deal of information about the issue, which has been labelled as high severity.
Releasing the latest version of Chrome, Google says:
Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
[$TBD][1358134] High CVE-2022-3075: Insufficient data validation in Mojo. Reported by Anonymous on 2022-08-30
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.
Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild.
Bearing in mind the severity of the flaw, coupled with the fact that exploits are known to exist, it is a little surprising that Google is not being more proactive in pushing out patches to users. The rollout of Chrome 105.0.5195.102 is now underway, but this could take weeks to complete. Thankfully, if you perform a manual check for updates, you will be offered this latest version -- just open the Chrome menu and select Help > About Google Chrome.
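Because the staged rollout can leave machines on older builds for weeks, administrators may want to check reported versions against 105.0.5195.102 rather than wait. The following is an added example, not code from Google or from the original article: it assumes stable-channel version strings have already been collected (for instance from `google-chrome --version` on Linux), and the host names and sample values are constructed.

```python
import re

# Fixed build named in the article for Windows, macOS and Linux.
PATCHED = (105, 0, 5195, 102)

# Matches the four-part build number in strings such as
# "Google Chrome 105.0.5195.102".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the build as a 4-tuple of ints, or None if none is present."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def status(text):
    """Classify one reported version string against the patched build."""
    v = parse_version(text)
    if v is None:
        return "unknown"  # unparsable output: needs a manual check
    # Tuples compare numerically, so 105.0.5195.52 < 105.0.5195.102;
    # a plain string comparison would order these two the wrong way.
    return "patched" if v >= PATCHED else "needs-update"


def triage(inventory):
    """Map host -> status for a dict of host -> reported version string."""
    return {host: status(text) for host, text in inventory.items()}


# Constructed sample inventory (hypothetical hosts and values).
SAMPLE = {
    "ws-01": "Google Chrome 105.0.5195.102",
    "ws-02": "Google Chrome 105.0.5195.52 ",
    "mac-07": "Google Chrome 104.0.5112.101",
    "lin-03": "Google Chrome 106.0.5249.61",
    "kiosk-9": "chrome: command not found",
}

if __name__ == "__main__":
    for host, result in sorted(triage(SAMPLE).items()):
        print(f"{host:8} {result}")
```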
Image credit: Anjo ten Kate / Shutterstock