Google announced that the stable channel for Chrome has been updated to 103.0.5060.114 for Windows, macOS, and Linux. The new version will roll out over the next few days. It patches a high-severity zero-day vulnerability, tracked as CVE-2022-2294, for which an exploit has been detected in the wild. The change log for the release is available on the official Chrome website.
Exploited in the wild
The release patches multiple security issues. Google stated that bug details won’t be published until the majority of users have updated the browser. Restrictions will also be retained if a bug exists in a library that other projects depend on and have not yet fixed. Three of the four fixes were contributed by external researchers. These are:
- [$TBD] High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01
- [$7500] High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16
- [$3000] High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19
The first two of those vulnerabilities also affect the Android version of Chrome. To fix them, the company is also releasing version 103.0.5060.71 of Chrome for Android, which will arrive in a few days.
Google also urged users to update their browser as soon as the patch becomes available to them. The patch includes a fix for a vulnerability that is currently being exploited, so it is very important to apply it immediately. You can copy and paste the following link into your browser’s address bar to check for updates manually and apply them right away:
chrome://settings/help