Geeks for your information News Browsers News & Tips v
Chrome 103 update fixes 0-Day security issue that is exploited in the wild
Chrome 103 update fixes 0-Day security issue that is exploited in the wild
harlan4096 Offline
MalWare Zoo Team
*******
Posts: 13,799
Threads: 9,248
Thanks Received: 8,903 in 7,078 posts
Thanks Given: 9,584
Joined: 12 September 18
#1
Exclamation  05 July 22, 06:13
Quote:Google published a new security update for the stable channel of the company's Chrome web browser that addresses several security issues. One of the security issues is exploited in the wild, according to Google.

[Image: google-chrome-103-security-update.png]

Windows users of Chrome will receive the update to Chrome 103.0.5060.114 in the coming days and weeks. Since one of the issues is exploited in the wild, it is recommended to force Chrome to update to protect the device and its data from attacks.

To do so, launch chrome://settings/help in the address bar of the browser, or open the page manually by selecting Menu > Help > About Google Chrome.

Google Chrome displays the current version on the page that opens. A check for updates is run, and any new version is downloaded and installed automatically. Note that Chrome needs to be restarted to complete the installation of the update.

As far as security issues are concerned, Chrome 103's update fixes four in total as revealed on the Chrome Releases website. Only three of those are listed on the page, as Google is not listing issues that it discovered internally.

Chrome 103_0-day security updateThe three listed security vulnerabilities are:
  • High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01
  • High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16
  • High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19
All three issues are rated with a severity of high, which is the second highest after critical. Google notes that exploits for CVE-2022-2294 exist in the wild. The description reveals that the attack targets a security issue in WebRTC, which stands for Web Real-Time Communications. It is a component in modern web browsers that is used for various communication tasks and services.

Google did not share additional information at the time. Security vulnerability information is locked and only available to certain Google employees and researchers. The main reason for that is that Google does not want other malware actors to use the information to create exploits targeting it. Since Chrome updates take days or weeks to reach the bulk of installations, it is done to protect unpatched devices.

Chrome users should install the update as soon as possible to protect the device against the exploit. It is the fourth 0-day vulnerability that has been patched by Google in the browser in 2022.
...
Continue Reading
Find
Reply


Messages In This Thread
Chrome 103 update fixes 0-Day security issue that is exploited in the wild - by harlan4096 - 05 July 22, 06:13

Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
QOwnNotes 19.1.6
24.12.4 The wel...Kool — 12:56
INTEL Arc Graphics 32.0.101.6325/6253 dr...
Highlights Fix...harlan4096 — 11:06
GFYI [Official] Revo Uninstaller Pro v5...
"Share feedback...damien76 — 09:01
GFYI [Official] SpyShelter PRO v15 Chri...
Merry Christmas and ...damien76 — 08:56
GFYI [Official] IObit Christmas 2024 Bl...
Merry Christmas and ...damien76 — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>