Just three days after Chrome’s previous update, which patched 24 security holes that were not in the wild…
…the Google programmers have announced the release of Chrome 105.0.5195.102, where the last of the four numbers in the quadruplet jumps up from 52 on Mac and Linux and 54 on Windows.
The release notes confirm, in the clipped and frustrating “indirect statement made in the passive voice” bug-report style that Google seems to have borrowed from Apple:
CVE-2022-3075: Insufficient data validation in Mojo. Reported by Anonymous on 2022-08-30 [...] Google is aware of reportsrts [sic] that an exploit for CVE-2022-3075 exists in the wild.
As always, our translation of security holes written up in this non-committal way is: “Crooks or spyware vendors found this vulnerability before we did, have figured out how to exploit it, and are already doing just that.”
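The following Python check is an added example, not part of the original article or of any Google tooling. It compares installed Chrome version quadruplets against the fixed build 105.0.5195.102 number by number, because a plain text comparison would rank .52 and .54 above .102; the hostnames, the other version numbers and the inventory format are constructed for illustration.

```python
import re

# Fixed build named in the article; everything below it lacks the CVE-2022-3075 patch.
FIXED = (105, 0, 5195, 102)

_VERSION_RE = re.compile(r"^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)$")


def parse_version(text):
    """Return the four-part version as a tuple of ints, or None if malformed."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(part) for part in m.groups()) if m else None


def is_patched(text, fixed=FIXED):
    """True or False for a well-formed version, None if it cannot be judged."""
    version = parse_version(text)
    return None if version is None else version >= fixed


def audit(inventory):
    """Sort (host, version) pairs into patched, vulnerable and unknown hosts."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for host, version in inventory:
        verdict = is_patched(version)
        if verdict is None:
            result["unknown"].append(host)   # truncated or garbled: check by hand
        elif verdict:
            result["patched"].append(host)
        else:
            result["vulnerable"].append(host)
    return result


# Constructed sample inventory: hostnames are made up, and the 104.x and 106.x
# values are placeholders rather than real release numbers.
SAMPLE = [
    ("mac-01", "105.0.5195.52"),    # previous Mac/Linux build
    ("win-01", "105.0.5195.54"),    # previous Windows build
    ("win-02", "105.0.5195.102"),   # fixed build
    ("lin-01", "104.0.0.1"),
    ("lin-02", "106.0.0.1"),
    ("lin-03", "105.0.5195"),       # truncated report
]

if __name__ == "__main__":
    # Pitfall: as strings, "105.0.5195.52" >= "105.0.5195.102" is True.
    for group, hosts in audit(SAMPLE).items():
        print(group, hosts)
```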
EoP or RCE?
We’d love to be able to determine, given that the bug relates to the incorrect handling of input data, whether this bug leads to a worrying security outcome such as EoP, short for elevation of privilege, or if it can be abused for a more disastrous result such as full-blown RCE, short for remote code execution.
EoP typically means that crooks need a malware foothold to start with, so that EoP bugs usually can’t be exploited for breaking in the first place.
They’re still vital to patch, because a crook who’s sneaking round your computer under cover of a limited user such as GUEST will often bring along an EoP exploit to “promote” themselves so they have root or sysadmin powers, aiming to turn what might otherwise have been a modest risk on a single computer into a total compromise of your whole network.
RCE exploits, on the other hand, are commonly used either to get a beachhead inside a network to initiate an attack, or to jump repeatedly from computer to computer once inside, or both.
Once again, the brevity of Google’s report means that, even though the bug is rated High and not Critical, we’re going to invite you to infer that we’re talking about RCE here, and therefore to assume that a determined attacker could use this bug to implant…