Chrome 108 available
The web browser update patches 28 vulnerabilities.
David FischerAs planned, Google has released version 108 of the Chrome web browser. No new features appear to be available for end users. However, the developers close 28 security gaps that endanger the security of users.
Of the 28 vulnerabilities, Google rates eight as high risk, while another 14 leaks pose a medium threat. According to the explanation in Google's release notes, 22 vulnerabilities were reported by external IT researchers.
In order not to endanger the security of browser users, Google withholds details of the vulnerabilities. It only gives an indication of the nature of the vulnerability and affected components.
One of the vulnerabilities is a high-risk security gap in the JavaScript engine V8 due to a so-called type confusion. Data types do not match when transferred within the program code, which can lead to unauthorized memory access and, under certain circumstances, even to the execution of injected code (CVE-2022-4174).
Another vulnerability that attackers can probably exploit with manipulated websites to inject malicious code affects the camera capture component. This is a use-after-free vulnerability in which memory areas or pointers are used even though they have already been dereferenced. This type of vulnerability can often execute foisted code (CVE-2022-4175).
Current versions
The vulnerabilities are no longer present in the new versions. The current version numbers are 108.0.5359.71 for Linux and Mac, 108.0.5359.71/72 for Windows, 108.0.5359.61 for Android and 108.0.5359.52 for iOS. The mobile browsers should close the same security gaps as the desktop versions, Google explains in the release notes for Chrome for Android.
Since the vulnerabilities also affect other browsers based on the Chromium project, such as Microsoft's Edge, security updates should also be available shortly, which users should install as soon as possible. At the end of last week, Google already released an emergency update for Chrome. The developers fixed a zero-day vulnerability in the web browser that had already been actively attacked.
Installing the new update is strongly recommended for Chrome users. Chrome updates are available through the built-in update functionality. They are usually downloaded and installed automatically. If you do not want to wait, you can also initiate the update manually under Help » About Google Chrome.
About Author
David Fischer
I am a technology writer for UpdateStar, covering software, security, and privacy as well as research and innovation in information security. I worked as an editor for German computer magazines for more than a decade before starting to be a team member at UpdateStar.