If it seems like you just updated Chrome, that’s because you did. Google refreshed its web browser to version 105 on Wednesday, introducing new features and security patches. However, only days later, Google has provided yet another update. The company doesn’t usually issue surprise updates without a good reason, and they’ve got one: Chrome 105 includes a zero-day security flaw.
Google announced the update in a Chrome Releases blog post on Friday. The new version, 105.0.5195.102, is now available for Windows, Mac, and Linux, and introduces only a single patch:
- [$TBD] High CVE-2022-3075: Insufficient data validation in Mojo. Reported by Anonymous on 2022-08-30
An update with just one change might not seem significant, but in this case, it is, and it’s important you update as soon as possible. The vulnerability, identified as CVE-2022-3075, is an insufficient data validation issue. That isn’t great, but wouldn’t typically be terribly pressing; in most cases, I’d expect Google to wait until the next scheduled update to push such a patch to users. But Google has confirmed an exploit for the bug exists in the wild, making the vulnerability a zero-day security issue.
A zero-day is a security flaw with an exploit the developer previously did not know about. By contrast, most security flaws are discovered by the developer, or by a third party who discloses them to the developer, allowing said developer to create a patch for the vulnerability and fix it before anyone figures out how to exploit it against users for personal gain.
Unfortunately, someone apparently already knows how to exploit CVE-2022-3075, which is why Google has pushed out a surprise patch for the flaw so quickly after Wednesday’s big 105 update.
How to update Google Chrome to patch this zero-day security flaw
Google wants all Chrome apps protected from this zero-day threat. As such, the company will likely automatically update your browser to the latest version upon launch. While it’s possible your instance of Chrome has already updated, the automatic process can take weeks, leaving you vulnerable in the meantime.
To ensure you’re safe right now, it’s best to trigger the update manually. Click the three dots in the top-right corner of the browser window, then choose Help > About Google Chrome. Allow Chrome to search for a new update. If one is available, click Relaunch to install it.
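If you look after more than one machine, the same check can be run over collected version strings. The sketch below is an added example, not code from Google or from this article: it flags any Chrome build older than 105.0.5195.102, and the hostnames and version strings in the sample inventory are constructed for illustration.

```python
import re

# Fixed build named in the article; older builds are treated as exposed to CVE-2022-3075.
PATCHED = (105, 0, 5195, 102)

# Chrome versions have four dotted numeric fields: major.minor.build.patch.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_chrome_version(text):
    """Extract a four-part Chrome version tuple from free text, or None."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def is_patched(text, patched=PATCHED):
    """True if at or above the fixed build, False if older, None if unreadable."""
    version = parse_chrome_version(text)
    if version is None:
        return None
    # Tuples compare numerically field by field, so 105.0.5195.52 < 105.0.5195.102.
    # Comparing the raw strings would wrongly rank ".52" above ".102".
    return version >= patched


def audit(inventory):
    """Return sorted (host, status) pairs for a mapping of host -> version string."""
    labels = {True: "patched", False: "needs update", None: "unknown"}
    return sorted((host, labels[is_patched(text)]) for host, text in inventory.items())


# Constructed sample inventory (hypothetical hosts and made-up version strings).
SAMPLE_INVENTORY = {
    "laptop-01": "Google Chrome 105.0.5195.102 ",
    "laptop-02": "Google Chrome 105.0.5195.52 ",
    "desktop-03": "Version 104.0.5112.101 (Official Build) (64-bit)",
    "desktop-04": "Version 106.0.5249.61 (Official Build) (64-bit)",
    "kiosk-05": "chrome not found",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" returned no readable version and should be checked by hand through Help > About Google Chrome.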