Google has released a new update security in the stable channel of the Chrome browser that addresses several security issues. According to Google, an exploit is already available for one of them.
Chrome users will have the update to Chrome 103.0.5060.114 in the next few days. But it is recommended that you force Chrome to update.
To do this, open the internal address chrome://settings/help or open the page manually by selecting Menu > Help > About Google Chrome.
In terms of security vulnerabilities, the new Chrome 103 update fixes a total of four, he says the Chrome Releases blog. Only three of them are listed on the page, as Google does not list the security holes it discovered internally.
The three reported vulnerabilities are:
- High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01
- High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at SSL on 2022-06-16
- High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19
All three security holes are rated with high severity (High), which is one after critical. Google notes that exploits for CVE-2022-2294 are already in circulation. The description reveals that the attack targets a security issue in WebRTC, which stands for Web Real-Time Communications. It is a component in modern web browsers used for various communication tasks and services.
Google did not share additional ones information for obvious reasons.
As mentioned above, if you use Chrome you should install the update as soon as possible. It is the fourth 0day vulnerability that Google has patched in the browser in 2022.
