Google patches new 0-day vulnerability in Chrome






Google has released a security update for its Chrome browser. The developers have closed four vulnerabilities in the browser, one of which is already being exploited.

Despite the national holiday in the USA, Google has released an important security update for Chrome with Chrome 103.0.5060.114 for Windows. In the Chrome Release Blog, Prudhvikumar Bommana lists three of the four fixed vulnerabilities, those that were discovered by external researchers and reported to Google. Among them is a 0-day vulnerability that also affects Chrome for Android.

On July 1st, a security researcher from the Avast Threat Intelligence Team reported a vulnerability in Chrome/Chromium to Google. The vulnerability, identified as CVE-2022-2294, is a buffer overflow in WebRTC and is apparently already being exploited in attacks. Google classifies it as high risk, as it does the other two vulnerabilities reported by external parties (CVE-2022-2295, -2296). These are a type confusion in the JavaScript engine V8 and a use-after-free vulnerability in the Chrome OS shell. As always, Google has not published any details about the vulnerability found internally. As a rule, Chrome updates itself automatically when a new version is available.

Three of the four vulnerabilities mentioned, including CVE-2022-2294, also affect Chrome for Android. An update to version 103.0.5060.71 closes these vulnerabilities and is already available.

Other Chromium-based browsers

The manufacturers of other Chromium-based browsers are now again required to follow suit with appropriate updates as quickly as possible. Microsoft Edge 103.0.1264.44 is still based on Chromium 103.0.5060.53 from June 21st. Brave 1.40.109 contains the slightly newer Chromium version 103.0.5060.66.

Vivaldi 5.3.2679.61 still uses Chromium 102.0.5005.136, but it contains security updates from version 103.0.5060.53. Vivaldi 5.4 will be based on Chromium 104 and will therefore only be released in August. However, the manufacturer should soon provide a security update for Vivaldi 5.3, which uses Chromium 102.0.5005.148 (or newer) from the Extended Stable Channel. That version closes at least the 0-day vulnerability CVE-2022-2294.

The current Opera version 88.0.4412.53 is still based on Chromium 102.0.5005.115 from June 14th. Opera 89 based on Chromium 103 is still in beta. So Opera is already two security updates behind schedule.

Google will release Chrome 104 on August 2nd.

Chromium-based browsers at a glance:

| Browser | Version | Chromium version |
|---|---|---|
| Google Chrome | 103.0.5060.114 | 103.0.5060.114 🟢 |
| Brave | 1.40.109 | 103.0.5060.66 🟠 |
| Microsoft Edge | 103.0.1264.44 | 103.0.5060.53 🟠 |
| Opera | 88.0.4412.53 | 102.0.5005.115 🔴 |
| Vivaldi | 5.3.2679.61 | 102.0.5005.136 🟠 |

Chromium-based browsers as of 07/04/2022
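
As an added example (not code from this article, Google or any browser vendor), the following Python check flags Chromium base versions that lack the CVE-2022-2294 fix, using only the fixed builds named in the article. It compares within each release branch, because 102.0.5005.148 carries the fix while the numerically higher 103.0.5060.53 does not; the function names, the status labels and the treatment of newer branches as fixed are assumptions.

```python
# Added example: per-branch check for the CVE-2022-2294 fix. Fixed builds are
# those named in the article; names and logic are constructed. Only the reported
# base version is checked, so a vendor backport under an old number is invisible.

# Release branch (major, minor, build) -> first patch level carrying the fix.
DESKTOP_FIXED = {
    (103, 0, 5060): 114,  # Stable channel
    (102, 0, 5005): 148,  # Extended Stable channel
}
ANDROID_FIXED = {(103, 0, 5060): 71}

# Chromium base versions from the article's table (as of 07/04/2022).
INVENTORY = {
    "Google Chrome": "103.0.5060.114",
    "Brave": "103.0.5060.66",
    "Microsoft Edge": "103.0.5060.53",
    "Opera": "102.0.5005.115",
    "Vivaldi": "102.0.5005.136",
}


def parse(version):
    """Split 'MAJOR.MINOR.BUILD.PATCH' into a tuple of four integers."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"not a Chromium version: {version!r}")
    return tuple(int(p) for p in parts)


def status(chromium_version, fixed=DESKTOP_FIXED):
    """Return 'fixed', 'needs-update' or 'unknown' for a Chromium base version."""
    *branch, patch = parse(chromium_version)
    branch = tuple(branch)
    if branch in fixed:
        return "fixed" if patch >= fixed[branch] else "needs-update"
    if branch > max(fixed):  # assumption: later branches shipped with the fix
        return "fixed"
    return "unknown"  # older or unlisted branch: the article names no fixed build


def audit(inventory, fixed=DESKTOP_FIXED):
    """Map each browser name to its status."""
    return {name: status(version, fixed) for name, version in inventory.items()}


if __name__ == "__main__":
    for name, result in audit(INVENTORY).items():
        print(f"{name:15} {result}")
```

Run against the table above, only Google Chrome reports `fixed`; the other four report `needs-update` until their vendors ship a build on a patched Chromium base.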

