Google has released an important security update for Chrome. It fixes a browser vulnerability that is already being exploited for attacks. Other browser manufacturers have already responded.
With the update to Chrome 105.0.5195.102 for Windows, macOS and Linux, Google closes a 0-day vulnerability in its browser. Chrome 105 just came out last week. Several manufacturers of other Chromium-based browsers quickly followed suit and provided updates almost simultaneously. So far these are Microsoft (Edge), Brave and Vivaldi. As is so often the case, Opera takes its time.
In the Chrome Release Blog, Prudhvikumar Bommana states that the vulnerability CVE-2022-3075 was discovered by an anonymous external researcher and reported to Google on August 30th. The vulnerability resides in Mojo, a collection of shared libraries in Chromium, and is classified as high risk. Google does not provide information on the prevalence of attacks that exploit this vulnerability.
▶The latest security updates
As a rule, Chrome updates itself automatically when a new version is available. With “≡
Help » About Google Chrome
” you can trigger the update check manually.
Other Chromium-based browsers
Microsoft, Brave, Opera and Vivaldi had updated their browsers last week to respond to Chrome 105. Almost simultaneously with Google’s emergency update, Microsoft, Brave and Vivaldi also released new security updates for their browsers. Microsoft Edge 105.0.1343.27 and Brave 1.43.89, like Chrome, include the updated Chromium base 105.0.5195.102.
Vivaldi, on the other hand, takes a different approach and omits odd Chromium versions (like 105). Instead, the manufacturer relies on the Extended Stable Channel of the previous version 104. The latest Vivaldi version 5.4.2753.47 contains Chromium 104.0.5112.115. The 0-day gap CVE-2022-3075 is also plugged in it.
Opera has not yet responded in a recognizable manner. Opera 90.0.4480.80, released on September 1st, is still based on Chromium 104 (104.0.5112.102 from August 16th) and therefore still has a number of security holes. Opera 91 based on Chromium 105 is still in beta testing phase.
Chrome 105.0.5195.77 for Android and Chrome 105.0.5195.100 for iOS have also been released. Google will release Chrome 106 on September 27th.
Chromium-based browsers at a glance: