Google Chrome Emergency Update Fixes New Zero-Day Used in Attacks

Google has released Chrome 105.0.5195.102 for Windows, Mac, and Linux users to address a single high-severity security flaw, the sixth Chrome zero-day exploited in attacks patched this year. From a report: "Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild," the company said in a security advisory published on Friday. This new version is rolling out in the Stable Desktop channel, with Google saying that it will reach the entire user base within a matter of days or weeks. It was available immediately when BleepingComputer checked for new updates by going into the Chrome menu > Help > About Google Chrome. The web browser will also auto-check for new updates and automatically install them after the next launch.

Another "It's bad and we're not going to tell you"

[Virtucon]

I couldn't find much detail on it, does anybody have any details?

Re:Another "It's bad and we're not going to tell y

[bill_mcgonigle]

Looks like the affected code is for:

Mojo is a collection of runtime libraries providing a platform-agnostic abstraction of common IPC primitives, a message IDL format, and a bindings library with code generation for multiple target languages to facilitate convenient message passing across arbitrary inter- and intra-process boundaries.

and is written in C. It seems like nothing but rewriting everything touching the Internet in Rust or higher level languages will ever work.

It's like C is just high level enough that you can't see the problems that would be apparent when coding in assembly but just low level enough that you can't see the mistakes that would be apparent in a more expressive language.

I can live with webpages taking 10% longer to load. Maybe Firefox will make a comeback if they actually manage a full port.

Re:Another "It's bad and we're not going to tell y

[Anonymous Coward]

Sloppy and GIGANTIC. How come my web browser takes 3 or 4 days to compile while the entire Linux kernel is less than a few hours?

Google put everything, the kitchen sink AND the bathroom toilet, into Chrome. It wasn't enough to use third party libraries, they had to fork and use THEIR local version of all the libraries too.

Security maintenance nightmare.

Re:

[Waccoon]

I know everyone wants to bask in the Rust wankery, but the real problem is including all kinds of stupid stuff that shouldn't be there in the first place. We've been told for years that all the major browsers are mutli-process, but this is a lie. They all "fake" multiprocessing for performance and resource usage reasons. Modern web browsers are a mess.

If your architecture is bad and the platform is designed for data collection, no language will save you.

New IE

[awwshit]

Welcome to the new IE. Except this time when you break Chrome you break Chromium and a bunch of other browsers too.

One browser to rule them all, Google's precious browser, is a bad idea.

Re:

[Merk42]

You're free to make your own browser and/or engine.

Re:

[awwshit]

That is some argument in favor of spyware. You've got me convinced.

Re:

[Merk42]

What does that have to do with anything?

Re:

[awwshit]

Exactly. Enjoy your risky spyware.

Re:

[Merk42]

Are you unable to have a coherent conversation?

Re:

[awwshit]

You're free to eat dogshit.

Still not buying your argument on why I should build my own browser rather than use an alternative that is not based on Google spyware.

Re:

[Merk42]

I never said you couldn't use an alternative.