Google has released a new security update to the stable channel of the Chrome browser that addresses several security issues. According to Google, one of them is already being exploited.
Chrome users will receive the update to Chrome 103.0.5060.114 over the next few days, but it is recommended that you force Chrome to update.
To do this, load the internal address chrome://settings/help, or open the page manually by selecting Menu > Help > About Google Chrome.
The new Chrome 103 update fixes a total of four security vulnerabilities, according to the Chrome Releases blog. Only three of them are listed on the page, as Google does not list the security issues it discovered internally.
The three reported vulnerabilities are:
- High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01
- High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at SSL on 2022-06-16
- High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19
All three vulnerabilities are rated High, the second-highest severity rating after Critical. Google notes that exploits for CVE-2022-2294 are already in circulation. The description reveals that the attack targets a security issue in WebRTC, which stands for Web Real-Time Communications. It is a component in modern web browsers used for various communication tasks and services.
Google did not share additional information for obvious reasons.
As mentioned above, if you use Chrome you should install the update as soon as possible. It is the fourth 0-day vulnerability that Google has patched in the browser in 2022.