Η Google διέθεσε μια νέα ενημέρωση ασφαλείας στο σταθερό κανάλι του προγράμματος περιήγησης Chrome που αντιμετωπίζει πολλά ζητήματα ασφαλείας. Σύμφωνα με την Google, για ένα από τα αυτά κυκλοφορεί ήδη exploit.
Chrome users will have the update to Chrome 103.0.5060.114 in the next few days. But it is recommended that you force Chrome to update.
To do this, open the chrome://settings/help internal address or open the page manually by selecting Menu > Help > About Google Chrome.
In terms of security vulnerabilities, the new Chrome 103 update fixes a total of four, he says the Chrome Releases blog. Only three of them are listed on the page, as Google does not list the security holes it discovered internally.
The three reported vulnerabilities are:
- High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01
- High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at SSL on 2022-06-16
- High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19
All three vulnerabilities are rated High, which is one after critical. Google notes that exploits for CVE-2022-2294 are already in circulation. The description reveals that the attack targets a security issue in WebRTC, which stands for Web Real-Time Communications. It is a component in modern web browsers used for various communication tasks and services.
Google did not share additional information for obvious reasons.
Όπως προαναφέραμε, αν χρησιμοποιείτε τον Chrome θα πρέπει να εγκαταστήσετε την ενημέρωση το συντομότερο δυνατό. Είναι η τέταρτη 0day ευπάθεια που έχει επιδιορθωθεί από την Google στο πρόγραμμα περιήγησης το 2022.
