Google releases Chrome 105 emergency update to address security issue
Google released an emergency update for the company's Chrome web browser on September 2, 2022. The update addresses a security issue in the browser that is rated high and exploited in the wild.
The new version is available as an update for Chrome's Stable and Extended Stable channel.
Google released Chrome 105 Stable earlier this week. The update fixed 24 different security issues in the browser, one of them rated critical, the highest rating.
Ahead of Labor Day in the United States, Google released another security update for Chrome. The update brings the version of the browser to 105.0.5195.102 for Windows, Mac and Linux devices, and the Extended Stable channel version to 104.0.5112.114.
As is the case with updates for Chrome, it may take days or even weeks before the rollout completes. Updates are installed automatically once they become available. Since the security vulnerability is exploited actively, it is recommended that Chrome users update their browsers asap.
Updating desktop versions of Chrome is thankfully straightforward and not limited, as it is on Android.
- Load chrome://settings/help in the browser's address bar or select Menu > Help > About Google Chrome.
- Chrome displays the current version and runs a check for updates. The browser should pick up the latest update and install it automatically.
- A restart is required to complete the process.
Chrome 105 security update
The official post on the Chrome releases blog offers little information. The security issue that is patched in the new version of Chrome is rated high, the second highest rating after critical.
[$TBD] High CVE-2022-3075: Insufficient data validation in Mojo. Reported by Anonymous on 2022-08-30
What expedited the release of a security update is the fact that the issue is exploited in the wild. As always, Google does not provide additional information at this point. The scope of attacks targeting the vulnerability in Chrome is unknown.
Mojo "is a collection of runtime libraries providing a platform-agnostic abstraction of common IPC primitives, a message IDL format, and a bindings library with code generation for multiple target languages to facilitate convenient message passing across arbitrary inter- and intra-process boundaries" according to documentation on the Google Source website.
Now you: when do you update your browsers?Advertisement