Google patches new 0-day vulnerability in Chrome

Google has released a security update for its Chrome browser. The developers have closed four vulnerabilities in the browser, one of which is already being exploited.

Despite the national holiday in the USA, Google has released an important security update for Chrome: version 103.0.5060.114 for Windows. In the Chrome Release Blog, Prudhvikumar Bommana lists three of the four fixed vulnerabilities, those that were discovered by external researchers and reported to Google. Among them is a 0-day vulnerability that also affects Chrome for Android.

On July 1st, a security researcher from the Avast Threat Intelligence Team reported a vulnerability in Chrome/Chromium to Google. The vulnerability, identified as CVE-2022-2294, is a buffer overflow in WebRTC and is apparently already being exploited in attacks. Regardless of this, Google classifies the vulnerability as high risk, as it does the other two vulnerabilities reported by external parties (CVE-2022-2295, CVE-2022-2296). These are a type confusion in the JavaScript engine V8 and a use-after-free vulnerability in the Chrome OS shell. As always, Google has not published any details about the vulnerability found internally. As a rule, Chrome updates itself automatically when a new version is available.

Three of the four vulnerabilities mentioned, including CVE-2022-2294, also affect Chrome for Android. An update to version 103.0.5060.71 closes these gaps and is already available.
Other Chromium-based browsers
The manufacturers of other Chromium-based browsers are now once again required to follow suit with appropriate updates as quickly as possible. Microsoft Edge 103.0.1264.44 is still based on Chromium 103.0.5060.53 from June 21st. Brave 1.40.109 contains the slightly newer Chromium version 103.0.5060.66.
Vivaldi 5.3.2679.61 still contains Chromium 102.0.5005.136, but with security updates from version 103.0.5060.53. Vivaldi 5.4 will be based on Chromium 104 and will therefore only be released in August. However, the manufacturer should soon provide a security update for Vivaldi 5.3 that uses Chromium 102.0.5005.148 (or newer) from the Extended Stable Channel. At least the 0-day vulnerability CVE-2022-2294 is closed in it.
The current Opera version 88.0.4412.53 is still based on Chromium 102.0.5005.115 from June 14th. Opera 89 based on Chromium 103 is still in beta. So Opera is already two security updates behind schedule.
Google will release Chrome 104 on August 2nd.
Chromium-based browsers at a glance:

| Browser | Version | Chromium version |
|---|---|---|
| Google Chrome | 103.0.5060.114 | 103.0.5060.114 🟢 |
| Brave | 1.40.109 | 103.0.5060.66 🟠 |
| Microsoft Edge | 103.0.1264.44 | 103.0.5060.53 🟠 |
| Opera | 88.0.4412.53 | 102.0.5005.115 🔴 |
| Vivaldi | 5.3.2679.61 | 102.0.5005.136 🟠 |

Chromium-based browsers as of 07/04/2022