Update to Chrome 105 closes 24 gaps

Google has released its Chrome browser in the new major version 105. The developers have closed 24 vulnerabilities in the browser, one of which is classified as critical.

With Chrome 105.0.5195.52/53/54 for Windows (105.0.5195.52 for macOS and Linux), Google brings its web browser into the 105 generation. In the new main version, the developers have eliminated 24 vulnerabilities. Options for manipulating the clipboard are currently the subject of discussion.

In the Chrome Release Blog, Prudhvikumar Bommana lists those 21 of the 24 fixed vulnerabilities that were discovered by external researchers and reported to Google. A 0-day gap is not included. However, Google classifies one of the vulnerabilities (CVE-2022-3038 in the Network Service) as critical and another eight as high risk. Many are use-after-free vulnerabilities in various browser components, such as WebSQL, Layout, and PhoneHub. Nine gaps are considered medium and three are considered low risk.

▶The latest security updates

So far, Google has awarded the outside researchers $62,500 in awards. As always, Google has not published any details about the internally found security gaps. As a rule, Chrome updates itself automatically when a new version is available. With

Help » About Google Chrome

you can trigger the update check manually.

Read and write access to the clipboard

A vulnerability that affects all Chromium-based browsers (Chrome, Edge, Opera, Brave, Vivaldi and others) is currently being discussed (not only) among Chromium developers. It is currently possible for a website to read content from the clipboard and write new content to it – possibly without requiring user interaction that can be interpreted as qualified consent. With a bit of criminal energy, scenarios can be implemented in which a fraudulent website could replace credit card or account data that a user wants to transfer to a web form via the clipboard. What a secure solution could look like that does not violate existing interface specifications (API specs) is still the subject of discussion.

Other Chromium-based browsers

The manufacturers of other Chromium-based browsers are now being asked to follow suit with appropriate updates. Microsoft Edge 104.0.1293.70, Brave 1.42.97, Vivaldi 5.4.2753.40 and Opera 90.0.4480.54 are based on the current Chromium version 104.0.5112.102 (or something newer). At Vivaldi it remains to be seen whether the current practice of omitting odd Chromium main versions (like 105) and instead using the Extended Stable Channel to close security gaps in the meantime will remain. In the Extended Stable Channel, Google made version 104.0.5112.111 available at the same time as Chrome 105, but without stating whether and which vulnerabilities were fixed in it.

Chrome 105.0.5195.68 for Android and Chrome 105.0.5195.69 for iOS have also been released. Google will release Chrome 106 on September 27th.

Chromium-based browsers at a glance:



Chromium version

Google Chrome


105.0.5195.54 🟢



104.0.5112.102 🟠

Microsoft Edge


104.0.5112.102 🟠



104.0.5112.102 🟠



104.0.5112.105 🟠

Chromium-based browsers as of 8/30/2022

Related Articles

Leave a Reply

Your email address will not be published.

Back to top button