Chrome fixes 0-day security hole reported anonymously – update now! – Naked Security

Just three days after Chrome’s previous update, which patched 24 security holes that were not in the wild…

…the Google programmers have announced the release of Chrome 105.0.5195.102, where the last of the four numbers in the quadruplet jumps up from 52 on Mac and Linux and 54 on Windows.

The release notes confirm, in the clipped and frustrating “indirect statement made in the passive voice” bug-report style that Google seems to have borrowed from Apple:

   CVE-2022-3075: Insufficient data validation in Mojo.

   Reported by Anonymous on 2022-08-30


   Google is aware of reportsrts [sic] that an exploit 
   for CVE-2022-3075 exists in the wild.

As always, our translation of security holes written up in this non-committal way is: “Crooks or spyware vendors found this vulnerability before we did, have figured out how to exploit it, and are already doing just that.”