Sep 06 2022

Chrome and Edge fix zero-day security hole – update now!

Category: Zero day | DISC @ 9:30 am

Just three days after Chrome’s previous update, which patched 24 security holes that were not in the wild…

…the Google programmers announced the release of Chrome 105.0.5195.102, where the last of the four numbers in the quadruplet jumps up from 52 on Mac and Linux and 54 on Windows.

The release notes confirm, in the clipped and frustrating “indirect statement made in the passive voice” bug-report style that Google seems to have borrowed from Apple:

   CVE-2022-3075: Insufficient data validation in Mojo.

   Reported by Anonymous on 2022-08-30

   [...]

   Google is aware of reportsrts [sic] that an exploit 
   for CVE-2022-3075 exists in the wild.

Microsoft has put out an update, too, taking its browser, which is based on Chromium, to Edge 105.0.1343.27.

Following Google’s super-brief style, Microsoft wrote merely that:

   This update [Edge 105.0.1343.27] contains a fix for CVE-2022-3075, 
   which has been reported by the Chromium team as having an exploit 
   in the wild

As always, our translation of security holes written up in this non-committal way is: “Crooks or spyware vendors found this vulnerability before we did, have figured out how to exploit it, and are already doing just that.”

…………..

What to do?

Patch early, patch often!

In Chrome, check that you’re up to date by clicking Three dots > Help > About Google Chrome, or by browsing to the special URL chrome://settings/help.

The Chrome version you are looking for (or Chromium version, if you’re using the non-proprietary, open source flavour) is: 105.0.5195.102 or later.

In Edge, it’s Three dots > Help and feedback > About Microsoft Edge.

The Edge version you’re after is: 105.0.1343.27 or later.

Google’s release notes also list an update to the Extended Stable Channel, which you might be using if you’re on a computer provided by work – like Mozilla’s Extended Support Release or ESR, it’s an official version that lags behind on features but keeps up with security patches, so you aren’t forced to adopt new features just to get patched.

The Extended Stable version you want is: 104.0.5112.114.

Google has also just announced a Chrome for iOS update, available (as always) via the App Store.

There’s no mention of whether the iOS version was affected by CVE-2022-3075, but the version you’re after, in any case, is 105.0.5195.100.

(We’re guessing that by iOS, Google means both iOS and iPadOS, now shipped as different variants of Apple’s underlying mobile operating system.)

Nothing in the release notes so far [2022-09-05T13:45Z] about Android – check in Google Play to see if you’re up to date.
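
For anyone checking more than one machine, here is an added example (not from the original article) that audits an asset inventory against the fixed builds listed above. The channel labels, host names and sample rows are assumptions constructed for illustration; versions are compared numerically, because a plain string comparison would rank 105.0.5195.54 above 105.0.5195.102.

```python
import re

# Minimum fixed versions quoted in the article, keyed by an inventory label.
# The label names ("chrome-stable", ...) are assumptions made for this example.
FIXED = {
    "chrome-stable":   "105.0.5195.102",
    "chrome-extended": "104.0.5112.114",
    "chrome-ios":      "105.0.5195.100",
    "edge-stable":     "105.0.1343.27",
}

VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")

def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints so comparison is numeric."""
    text = text.strip()
    if not VERSION_RE.match(text):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def is_patched(label, version):
    """True if version is at or above the fixed build for that label."""
    return parse_version(version) >= parse_version(FIXED[label])

def audit(inventory):
    """Return (host, label, version, status) for each (host, label, version) row."""
    report = []
    for host, label, version in inventory:
        if label not in FIXED:
            status = "unknown-product"
        else:
            try:
                status = "ok" if is_patched(label, version) else "UPDATE"
            except ValueError:
                status = "bad-version"  # truncated or garbled inventory entry
        report.append((host, label, version, status))
    return report

# Constructed sample inventory (hosts and versions invented for the example).
SAMPLE = [
    ("ws-01", "chrome-stable", "105.0.5195.54"),    # previous Windows build
    ("ws-02", "chrome-stable", "105.0.5195.102"),
    ("ws-03", "chrome-extended", "104.0.5112.114"),  # patched, though below 105
    ("ws-04", "edge-stable", "105.0.1343.25"),
    ("ws-05", "chrome-stable", "105.0.5195"),        # malformed entry
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

Keeping the Extended Stable channel under its own label matters: judged against the 105 threshold, a fully patched 104.0.5112.114 install would be flagged as out of date.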

Tags: Chrome, Edge
