The patch for the zero-day vulnerability is the sixth patch Google has released for the Chrome browser so far this year. For fairly obvious reasons, the company hasn’t released much information about the issue, which has been classified as high severity.
Google describes the security update as follows:
NOTE: Access to bug details and links may remain restricted until most users are updated to fix it. We will also keep the limit if the bug exists in a third-party library that other projects also depend on, but has not been fixed.
This update includes 1 security fix. Below, we highlight fixes contributed by external researchers. See the Chrome Security page for more information.
[$TBD][1358134] High CVE-2022-3075: Insufficient data validation in Mojo. Reported by Anonymous on 2022-08-30
We would also like to thank all the security researchers who worked with us during the development cycle to prevent security bugs from entering the stable channel.
Many of our security vulnerabilities were detected by AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer or AFL.
Google is aware of reports that the vulnerability for CVE-2022-3075 exists externally.
Given the severity of the flaw, combined with the fact that the vulnerability is known to exist, it’s a little surprising that Google hasn’t been more aggressive in pushing patches to users. The rollout of Chrome 105.0.5195.102 is now underway, but it may take a few weeks to complete.
Thankfully, you’ll get this latest version if you perform a manual check for updates — just open the Chrome menu and choose Help > About Google Chrome.
Learn more:
https://sites.google.com/a/chromium.org/dev/Home/chromium-security