Everything New in Chrome 105

Google pumps out new software for its web browser like clockwork; so often, in fact, you might tend to tune out new versions when they become available. Don’t skip Chrome 105, though—it patches a bunch of nasty security vulnerabilities,...

Everything New in Chrome 105

Image for article titled Everything New in Chrome 105

Photo: OpturaDesign (Shutterstock)

Google pumps out new software for its web browser like clockwork; so often, in fact, you might tend to tune out new versions when they become available. Don’t skip Chrome 105, though—it patches a bunch of nasty security vulnerabilities, and adds a few new features to boot.

Google patches 24 new security vulnerabilities

Chrome 105 patches 24 security vulnerabilities found in previous versions of the browser, including 21 provided by third-party researchers. One of these vulnerabilities is rated as “Critical,” and eight are rated as “High” severity. Although these nine vulnerabilities are particularly important to patch, it’s important to note that none of them, nor any of the others, are zero-days. That means Google has not identified an exploit in the wild for any, so, theoretically, no one knows how to use these vulnerabilities against you. Yet.

Still, Google is now publicly acknowledging these flaws by publishing them as part of the patch, meaning bad actors will inevitably figure out how to exploit them. For that reason alone, it’s worth taking the time to update right away.

Check out the 22 flaws Google published to its blog, complete with the bounty awarded to researchers, when available. It’s unclear why the other two patches are not disclosed.

G/O Media may get a commission

[$NA][1340253] Critical CVE-2022-3038: Use after free in Network Service. Reported by Sergei Glazunov of Google Project Zero on 2022-06-28[$10000][1343348] High CVE-2022-3039: Use after free in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11[$9000][1341539] High CVE-2022-3040: Use after free in Layout. Reported by Anonymous on 2022-07-03[$7500][1345947] High CVE-2022-3041: Use after free in WebSQL. Reported by Ziling Chen and Nan Wang(@eternalsakura13) of 360 Vulnerability Research Institute on 2022-07-20[$5000][1338553] High CVE-2022-3042: Use after free in PhoneHub. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22[$3000][1336979] High CVE-2022-3043: Heap buffer overflow in Screen Capture. Reported by @ginggilBesel on 2022-06-16[$NA][1051198] High CVE-2022-3044: Inappropriate implementation in Site Isolation. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-02-12[$TBD][1339648] High CVE-2022-3045: Insufficient validation of untrusted input in V8. Reported by Ben Noordhuis on 2022-06-26[$TBD][1346245] High CVE-2022-3046: Use after free in Browser Tag. Reported by Rong Jian of VRI on 2022-07-21[$7000][1342586] Medium CVE-2022-3047: Insufficient policy enforcement in Extensions API. Reported by Maurice Dauer on 2022-07-07[$5000][1303308] Medium CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen. Reported by Andr.Ess on 2022-03-06[$3000][1316892] Medium CVE-2022-3049: Use after free in SplitScreen. Reported by @ginggilBesel on 2022-04-17[$3000][1337132] Medium CVE-2022-3050: Heap buffer overflow in WebUI. Reported by Zhihua Yao of KunLun Lab on 2022-06-17[$2000][1345245] Medium CVE-2022-3051: Heap buffer overflow in Exosphere. Reported by @ginggilBesel on 2022-07-18[$2000][1346154] Medium CVE-2022-3052: Heap buffer overflow in Window Manager. Reported by Khalil Zhani on 2022-07-21[$TBD][1267867] Medium CVE-2022-3053: Inappropriate implementation in Pointer Lock. Reported by Jesper van den Ende (Pelican Party Studios) on 2021-11-08[$TBD][1290236] Medium CVE-2022-3054: Insufficient policy enforcement in DevTools. Reported by Kuilin Li on 2022-01-24[$TBD][1351969] Medium CVE-2022-3055: Use after free in Passwords. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-11[$3000][1329460] Low CVE-2022-3056: Insufficient policy enforcement in Content Security Policy. Reported by Anonymous on 2022-05-26[$2000][1336904] Low CVE-2022-3057: Inappropriate implementation in iframe Sandbox. Reported by Gareth Heyes on 2022-06-16[$1000][1337676] Low CVE-2022-3058: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-06-20[1357881] Various fixes from internal audits, fuzzing and other initiatives

It’s not just security patches that makes Chrome 105 a worth an update, though. As reported by Joe Fedewa of How-To Geek, 105 sports a few new features you can try out right now.

Web apps have windows controls now

Throughout various updates, Chrome has made improvements to progressive web apps (PWAs), giving them more functionality, and making them feel more like full apps. Chrome 105 adds window controls for PWAs, giving developers an opportunity to add controls like close, minimize, and maximize, as well as various options throughout the menu bar.

Improvements to picture-in-picture in Chrome for Android

Android users have had picture-in-picture (or PiP) in Chrome already. When a video is playing, you exit the app to the Home Screen, and PiP activates. However, Chrome 105 now makes it easier to trigger PiP, and more obvious. You don’t need to intuitively know to leave a video to be able to take advantage of the feature.

Chomebooks see huge improvements to window management

If you’re a Chromebook user, Chrome 105 adds an awesome new window management solution. You can now tile your windows in a similar fashion to Windows 11, which lets you quickly place two windows side-by-side, give more room to one window over another, or have a window floating over the other.

This option is still in testing, but you can enable it from its flag at chrome://flags/#partial-split. After you do so, you’ll see tiling options when you hover your cursor over the window controls.

How to update Google Chrome

It’s possible your Chrome app will update itself, since Google has an auto-update feature in place. However, the company can take weeks to roll out new updates to users, leaving you vulnerable in the meantime. If you want this update and all its features now, you’ll need to update manually.

On desktop, click the three dots in the top-right corner of your browser window, then go to Help > About Google Chrome. Allow Chrome to search for a new update. When one is available, click Relaunch to install it.

On Android, you’ll find the new chrome update in the Play Store. Tap your profile, then go to Manage apps & device. Look for Chrome, then tap the Update button next to it. On ChromeOS, go to Settings > About ChromeOS > Check for updates.