Google has released a new security update to the Chrome browser stable channel that addresses several security issues. According to Google, an exploit is already available for one of them.
Chrome users will have the update to Chrome 103.0.5060.114 in the next few days. But it is recommended that you force Chrome to update.
Για να το κάνετε αυτό, ανοίξτε την εσωτερική διεύθυνση chrome://settings/help ή ανοίξτε τη σελίδα με μη αυτόματο τρόπο επιλέγοντας Μενού > Βοήθεια > Σχετικά με το Google Chrome.
In terms of security vulnerabilities, the new Chrome 103 update fixes a total of four, he says the Chrome Releases blog. Only three of them are listed on the page, as Google does not list the security holes it discovered internally.
The three reported vulnerabilities are:
- High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01
- High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at SSL on 2022-06-16
- High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19
All three security holes are rated with high severity (High), which is one after critical. Google notes that exploits for CVE-2022-2294 are already in circulation. The description reveals that the attack targets a security issue in WebRTC, which stands for Web Real-Time Communications. Είναι ένα στοιχείο σε σύγχρονα programs περιήγησης ιστού που χρησιμοποιείται για διάφορες εργασίες και services communication.
Google did not share additional information for obvious reasons.
As mentioned above, if you use Chrome you should install the update as soon as possible. It is the fourth 0day vulnerability that Google has patched in the browser in 2022.