Chrome for Windows, Linux, macOS, Android Updated With Fixes for Vulnerabilities Including a Zero-Day Flaw


Google has released new versions of Chrome for Windows, macOS, Linux and Android with fixes for high-severity security loopholes. The company said that one of the fixes is specifically meant for a zero-day vulnerability, which means that hackers have managed to exploit the loophole before it became known to Chrome developers. The updated browser has started rolling out to both Windows and Android users. It would, though, take some time to reach all users. The new release comes a couple of weeks after Google released Chrome 103.

For Windows, macOS, and Linux, Google has released Chrome version 103.0.5060.114 that fixes a total of four security fixes. Three of them are rated with high severity and are tracked as CVE-2022-2294, CVE-2022-2295, and CVE-2022-2296, as the search giant explained in a blog post.

The vulnerability, which is identified as CVE-2022-2296, exists as a heap overflow flaw in the WebRTC component of the Chrome browser that enables real-time audio and video communication, without requiring any third-party plugins or apps.

Crediting Jan Vojtesek from the Avast Threat Intelligence team, Google says that it is “aware that an exploit for CVE-2022-2294 exists in the wild.” It means in simpler terms that the flaw is the new zero-day vulnerability impacting the Chrome browser.

Alongside mitigating the issue affecting the WebRTC component, the latest Chrome release addresses the highly severe vulnerability CVE-2022-2295, which is a type confusion flaw that exists in the V8 JavaScript engine.

The Chrome update also fixes the high-severity vulnerability CVE-2022-2296, which is a Use-After-Free issue impacting the Chrome OS Shell.

Separately, Chrome for Android has been updated to version 103.0.5060.71. This includes three security fixes, including the ones for the CVE-2022-2294 and CVE-2022-2295.

The updated Chrome browser on Android will be available for download through Google Play over the next few days, Google said.

Similarly, the new Chrome release for Windows, macOS, and Linux is said to be rolled out over the coming days or even weeks.

Users are advised to update their Chrome browser as early as possible to avoid instances of getting targeted by hackers since the issues in its existing versions are now public.

Last month, Google released Chrome 103 for all compatible devices. Users on the iPhone also received an updated Chrome browser with features including enhanced safe browsing.

On the security side of things, Google last updated Chrome browser with fixes for four high-risk vulnerabilities in June. A zero-day exploit was also fixed on the browser through a release for Windows, macOS, and Linux devices in February.

Source link