If you’re running Google Chrome on Windows, Mac or Linux, you should check to see if a patch is available immediately.
In a blog post (opens in new tab) Google announced that Chrome version 105.0.5195.102 will be rolling out “over the coming days/weeks.” The update contains a security fix for a high-importance vulnerability called CVE-2022-3075 which Google believes “exists in the wild.” In other words, it’s something that hackers appear to be actively exploiting.
The full details of the zero-day exploit are not being published for very sensible reasons: highlighting a vulnerability before the world’s web browsers are inoculated against it is just asking unaware hackers to target users themselves. Or as Google puts it: “Access to bug details and links may be kept restricted until a majority of users are updated with a fix.
“We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
While Google doesn’t say whether that applies here, the limited details provided suggests it very well might. The listing explains that the bug in question is based on “insufficient data validation in Mojo.” Mojo (opens in new tab) is a group of runtime libraries used by Chromium, which is the open-source codebase used not just by Chrome, but by the likes of Microsoft Edge, Opera, Vivaldi and Brave.
The good news is that Chrome is very easy to update and, in fact, it will usually silently patch itself without you even noticing. Just restart your browser and it should patch to the latest version.
You can check that it’s worked by clicking the three-dot icon in the top right-hand corner, and then selecting “Help.” From there, press “About Google Chrome” and you should see a page which tells you whether Chrome is up to date or not. If you’re still struggling, check our “how to update Chrome” guide for more advice.
With around two-thirds of all desktop computers in the world using Google Chrome, it’s no surprise that it’s a big target for hackers looking to access people’s personal data. Indeed, by The Verge’s (opens in new tab) count, this is the sixth zero-day exploit patched in 2022 alone, so make sure you occasionally give Chrome a restart to keep your protection up.