Chrome 103.0.5060.114 available
The update fixes four vulnerabilities, one of which is already being exploited.
With Chrome 103.0.5060.114 for Windows Google has released an important security update for its Chrome browser. The developers fixed four vulnerabilities in the browser, one of which is already being exploited.
The Chrome Release Blog lists the three of the four fixed vulnerabilities. These were discovered by external researchers and reported to Google. Among these is a 0-day vulnerability that also affects Chrome for Android.
On July 1, a security researcher from the Avast Threat Intelligence Team reported a vulnerability in Chrome/Chromium to Google. The vulnerability with the identifier CVE-2022-2294 is a buffer overflow in WebRTC and is apparently already being exploited for attacks.
Google classified the vulnerability as high risk, as do the other two vulnerabilities reported by external parties (CVE-2022-2295, -2296). This is a type confusion in the JavaScript engine V8 and a use-after-free vulnerability in the Chrome OS shell. Google has not published details about the vulnerability found internally.
Three of the four vulnerabilities mentioned, including CVE-2022-2294, also affect Chrome for Android. An update to version 103.0.5060.71 closes these gaps and is already available.
Chrome updates are available through the built-in update functionality. They are usually downloaded and installed automatically. If you do not want to wait, you can also initiate the update manually under Help ยป About Google Chrome.