Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Chrome Security IT

Google Chrome Emergency Update Fixes New Zero-Day Used in Attacks (bleepingcomputer.com) 15

Google has released Chrome 105.0.5195.102 for Windows, Mac, and Linux users to address a single high-severity security flaw, the sixth Chrome zero-day exploited in attacks patched this year. From a report: "Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild," the company said in a security advisory published on Friday. This new version is rolling out in the Stable Desktop channel, with Google saying that it will reach the entire user base within a matter of days or weeks. It was available immediately when BleepingComputer checked for new updates by going into the Chrome menu > Help > About Google Chrome. The web browser will also auto-check for new updates and automatically install them after the next launch.
This discussion has been archived. No new comments can be posted.

Google Chrome Emergency Update Fixes New Zero-Day Used in Attacks

Comments Filter:
  • by Virtucon ( 127420 ) on Tuesday September 06, 2022 @10:45AM (#62856896)

    I couldn't find much detail on it, does anybody have any details?

    • by bill_mcgonigle ( 4333 ) * on Tuesday September 06, 2022 @10:54AM (#62856936) Homepage Journal

      Looks like the affected code is for:

      Mojo is a collection of runtime libraries providing a platform-agnostic abstraction of common IPC primitives, a message IDL format, and a bindings library with code generation for multiple target languages to facilitate convenient message passing across arbitrary inter- and intra-process boundaries.

      and is written in C. It seems like nothing but rewriting everything touching the Internet in Rust or higher level languages will ever work.

      It's like C is just high level enough that you can't see the problems that would be apparent when coding in assembly but just low level enough that you can't see the mistakes that would be apparent in a more expressive language.

      I can live with webpages taking 10% longer to load. Maybe Firefox will make a comeback if they actually manage a full port.

      • I know everyone wants to bask in the Rust wankery, but the real problem is including all kinds of stupid stuff that shouldn't be there in the first place. We've been told for years that all the major browsers are mutli-process, but this is a lie. They all "fake" multiprocessing for performance and resource usage reasons. Modern web browsers are a mess.

        If your architecture is bad and the platform is designed for data collection, no language will save you.

  • by awwshit ( 6214476 ) on Tuesday September 06, 2022 @12:40PM (#62857296)

    Welcome to the new IE. Except this time when you break Chrome you break Chromium and a bunch of other browsers too.

    One browser to rule them all, Google's precious browser, is a bad idea.

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...