Google releases an urgent security patch for Chrome, users take note!

After a long wait, Chrome version 103 was finally rolled out by Google to the Stable channel a few weeks ago, coming with a bunch of long-awaited new features. However, there are still a series of serious security holes that have not been fixed.

To address the issue, Google has just continued to roll out another urgent security update for its browser to fix a number of known issues, including a zero-day vulnerability rated at . serious, being actively exploited by hackers.

Specifically, Chrome users on Windows have started being updated to version 103.0.5060.114, which comes with four security fixes, three of which have been outlined by Google:

1. CVE-2022-2294 (severe): Buffer overflow in WebRTC. Reported by security expert Jan Vojtesek from Avast Threat Intelligence team on July 1, 2022
2. CVE-2022-2295 (severe): Mistakenly entered in V8. Reported by avaue and Buff3tts coming from SSL on 16-06-2022
3. CVE-2022-2296 (critical): Vulnerability in Chrome OS Shell. Reported by Khalil Zhani on May 19, 2022

The first high-severity vulnerability on the list - CVE-2022-2294 - is a zero-day. And so, Google has yet to publicly reveal details about it. While the individuals who reported the second and third vulnerabilities have both received bonuses of $7,500 and $3,000 respectively from Google.

Of course, Chrome for Windows is not the only version to receive this patch. The Chrome app for Android has also been updated with patch 103.0.5060.71 to fix vulnerabilities CVE-2022-2294 and CVE-2022-2295. Meanwhile, Chrome's Extended Stable channel - still available on version 102 - for Windows and Mac has also been updated and 102.0.5005.148 to fix CVE-2022-2294.

Samuel Daniel

Update 03 August 2022