Home Science & Technology Why you should check for a Chrome update right away

Why you should check for a Chrome update right away

54
0


Simple two days after the previous updateGoogle pushed an emergency Chrome update last Friday to address the zero-day vulnerability already exploited in the wild. If you use Chrome, the update process is automatic; you just need to restart your browser when prompted for it to take effect. Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, should also keep an eye out for updates. Google is keeping the information quiet for security reasons, but here’s what we know.

Vulnerability is a catchy name CVE-2022-3075– was just brought to Google’s attention August 30 by an anonymous security researcher. The fact that the company released an emergency security update on September 2 speaks to the seriousness of the underlying problem. The previous update—accidentally released on August 30—fixed 24 security issues, including another critical zero-day, so it’s significant that Google felt the need to release an update to immediately fix one vulnerability. This was the sixth zero-day that Google has fixed this year.

According to Google, CVE-2022-3075 concerns “insufficient data validation in the Mojo”, a collection of important low-level routines in Chromium, which is the browser engine used by Google Chrome. It’s listed as a “critical” vulnerability, which essentially means that an attacker who exploits it could significantly compromise your browser or computer. Depending on the vulnerability, this could mean things like being able to steal passwords or credit card information, installing malware on your system, and otherwise do very unpleasant things. These are the exploits used by hackers in movies (or working for national governments).

[Related: You need to protect yourself from zero-click attacks]

For now, Google is keeping many details of the vulnerability quiet until a significant portion of Chrome’s user base is safe from the exploit. When it’s used in the wild, Google doesn’t want to emphasize its usefulness to bad actors. The payment of a reward for a mistake for anonymous the researcher also undisclosed but could be as high as $150,000.

[Related: ‘The Merge’ is happening. Here’s what that means for those in crypto.]

This emergency update, which updates Chrome to version 105.0.5195.102 for Windows, Mac, and Linux, was released over the past few days. You can check which version of Chrome you are currently using by following the link More (three little dots) > Help > About Chrome. Updates should download automatically, but you need to restart your browser for them to fully install. If you see the Refresh button in the upper right corner of the browser, click it. This is a major security update that should be installed immediately.

If you use other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, you should also update them as soon as possible. All four have updates available to prevent the exploit.

Previous articleNew US Fed chief Barr details capital review and climate tests Reuters
Next articleA giant nuclear power plant in Ukraine is at risk of “unlimited release” of nuclear material unless a safe zone is created, UN warns