Everything You Need to Know About New in Chrome 105

Introduction

Google pumps out new software like Clockwork for its web browsers; Often, in fact, you can tend to tune new versions as they become available. Don’t give up on Chrome 105, though—this patch is a bunch Bad security vulnerabilities, and adds some new features to boot.

Google fixes 24 new security vulnerabilities

Chrome 105 patches 24 security vulnerabilities found in previous versions of the browser, including 21 provided by third-party researchers. Of these vulnerabilities, one is rated as “severe” and eight as “high” severity. While these nine vulnerabilities are particularly important to patch, it’s important to note that none of these, nor any others, are zero-days. This means that Google hasn’t identified an exploit in the wild for anyone, so, theoretically, no one knows how to use these vulnerabilities against you. So far.

Still, Google is now publicly acknowledging these flaws by publishing them as part of patches, meaning bad actors will inevitably figure out how to exploit them. For this reason alone, it’s worth taking the time to update immediately.

Check out 22 loopholes Google published on its blog, with a reward awarded to researchers, when available. It is not clear why the other two patches have not been disclosed.

G/O Media may get commission

• [$NA][1340253] Critical CVE-2022-3038: Free after use in network service. 2022-06-28 by Sergei Glazunov of Google Project Zero. reported to

• [$10000][1343348] High CVE-2022-3039: Free to use in WebSQL. Reported by Nan Wang (@eternalsakura13) and Guang Gong of the 360 ​​Vulnerability Research Institute on 2022-07-11
• [$9000][1341539] High CVE-2022-3040: Use after free in layout. Reported by Anonymous on 2022-07-03
• [$7500][1345947] High CVE-2022-3041: Free to use in WebSQL. Reported by Ziling Chen and Nan Wang (@eternalsakura13) of 360 Vulnerability Research Institute on 2022-07-20
• [$5000][1338553] High CVE-2022-3042: Free after use in PhoneHub. Reported by Cookola (@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22
• [$3000][1336979] High CVE-2022-3043: Heap buffer overflow in screen capture. Reported by @ginggilBesel on 2022-06-16
• [$NA][1051198] High CVE-2022-3044: Improper implementation in site isolation. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research 2020-02-12
• [$TBD][1339648] High CVE-2022-3045: Insufficient verification of untrusted input in V8. Reported by Ben Nordhuis on 2022-06-26
• [$TBD][1346245] High CVE-2022-3046: Use after free in browser tag. Reported by VRI’s Rong Jian on 2022-07-21
• [$7000][1342586] Medium CVE-2022-3047: Insufficient policy enforcement in the Extensions API. Reported by Maurice Daur on 2022-07-07
• [$5000][1303308] Medium CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen. 2022-03-06 . Reported by Andr.Ess
• [$3000][1316892] Medium CVE-2022-3049: Use for free in splitscreen. Reported by @ginggilBesel on 2022-04-17
• [$3000][1337132] Medium CVE-2022-3050: Heap buffer overflow in WebUI. Reported by Jihua Yao of Kunlun Lab on 2022-06-17
• [$2000][1345245] Medium CVE-2022-3051: Heap buffer overflow in the exosphere. Reported by @ginggilBesel on 2022-07-18
• [$2000][1346154] Medium CVE-2022-3052: Heap buffer overflow in Window Manager. Reported by Khaleel Zani on 2022-07-21
• [$TBD][1267867] Medium CVE-2022-3053: Inappropriate implementation in pointer lock. Reported by Jesper van den Ande (Pelican Party Studio) on 2021-11-08
• [$TBD][1290236] Medium CVE-2022-3054: Insufficient policy enforcement in DevTools. Reported by Qilin Li on 2022-01-24
• [$TBD][1351969] Medium CVE-2022-3055: Use after free in password. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-11

• [$3000][1329460] The following CVE-2022-3056: Insufficient policy enforcement in the Content Security Policy. Reported by Anonymous on 2022-05-26
• [$2000][1336904] The following CVE-2022-3057: Inappropriate implementation in iframe sandbox. Reported by Gareth Hayes on 2022-06-16
• [$1000][1337676] The following CVE-2022-3058: Use after free in the sign-in flow. Reported on 2022-06-20 by Raven at Kunlun Lab
• [1357881] Various improvements from internal audit, fuzzing and other initiatives
• • [$3000][1329460] The following CVE-2022-3056: Insufficient policy enforcement in the Content Security Policy. Reported by Anonymous on 2022-05-26
  • [$2000][1336904] The following CVE-2022-3057: Inappropriate implementation in iframe sandbox. Reported by Gareth Hayes on 2022-06-16
  • [$1000][1337676] The following CVE-2022-3058: Use after free in the sign-in flow. Reported on 2022-06-20 by Raven at Kunlun Lab
  • [1357881] Various improvements from internal audit, fuzzing and other initiatives

  However, it’s not just the security patch that makes Chrome 105 worth the update. As reported by How-To Geek’s Joe Fedeva, the 105 sports a few new features that you can try out now.

  Web Apps Now Have Windows Controls

  Over the course of various updates, Chrome has improved Progressive Web Apps (PWAs), giving them more functionality, and making them feel like full-fledged apps. Chrome 105 adds window controls for PWAs, giving developers the opportunity to add controls such as close, minimize, and maximize, as well as various options throughout the menu bar.

  Picture-in-picture improvements in Chrome for Android

  Android users already have picture-in-picture (or PiP) in Chrome. While a video is playing, you exit the app on the home screen, and the PiP is activated. However, Chrome 105 now makes it easier to trigger PiP, and much more obvious. You don’t have to be intuitive to skip videos to be able to take advantage of the feature.

  Homebooks see huge improvements in window management

  If you’re a Chromebook user, Chrome 105 adds a great new window management solution. Now you can tile your windows in a similar way to Windows 11, allowing you to quickly place two windows side by side, giving one window more space over another, or having one window float over the other.

  This option is still under testing, but you can enable it with its flag at chrome://flags/#partial-split. After you do this, you’ll see tiling options when you hover your cursor over the window controls.

  how to update google chrome

  It’s possible that your Chrome app will update itself, as Google has an auto-update feature. However, it can take weeks for the company to roll out new updates to users, leaving you vulnerable in the meantime. If you want this update and all its features now, you will have to update manually.

  On the desktop, click the three dots in the top-right corner of your browser window, then click Go Help > About Google Chrome, Let Chrome search for new updates. Click when one is available relaunch to install it.

  On Android, you’ll find the new Chrome update in the Play Store. Tap on your profile, then go here Manage apps and devices, Find Chrome, then tap Updates button next to it. On ChromeOS, go here Settings > About ChromeOS > Check for Updates,