Google Focuses on Security Flaws in New Chrome 105 Release

Google is rolling out the latest version of its web browser to desktop and mobile users worldwide. Chrome 105 includes a handful of new features, but mostly focuses on security flaws.

In all, the newest version of the world’s most popular web browser delivers 24 security fixes for desktop users, and several performance improvements for mobile users.

“Chrome 105.0.5195.52 (Mac/linux) and 105.0.5195.52/53/54 (Windows) contains a number of fixes and improvements,” Prudhvikumar Bommana writes on the Chrome Releases blog.

At least one vulnerability, tracked as CVE-2022-3038, is rated Critical, with several others rated as high-severity flaws.

CVE-2022-3038 is described as a use-after-freeweakness in Chrome’s Network Service component.

In cybersecurity, use-after-free refers to memory corruption when an application tries to use memory no longer assigned to it. Attackers can exploit freed-up memory in a program and use it as an area to execute their own arbitrary (malicious) code.

As usual, other bugs squashed in Chrome 105 are rated as less-severe, but are still noteworthy.

Google is (so far) awarding over $45,000 in bug bounties, with some rewards yet to be calculated.

On the mobile front, Chrome 105 is now rolling out to iOS userswith enhanced safe browsing protections and unnamed “stability and performance improvements.” Android customers are yet to be treated to a Chrome 105 build.

While none of the security flaws listed in this release are known to have been used in hacks, the bugs are now public and therefore exploitable, meaning it’s important to update as soon as possible.