Tuesday, Oct 04, 2022

Here’s why you need to update your Google Chrome right now

Google will be rolling out Chrome updates for Windows, macOS, Linux and Android in the coming days to fix some severe vulnerabilities including one zero-day.

Hackers found out how to exploit one of the vulnerabilities before it was discovered by Google. (File photo)

Google has fixed multiple severe security loopholes in its latest release of Chrome for Windows, macOS, Linux and Android. According to Google, one of the fixes was for a zero-day vulnerability. Zero-days are vulnerabilities unknown to those who developed the system. Google has withheld some details about the flaws in order to ensure that users can apply the latest update to fix these flaws. This is also being done to ensure that hackers can misuse information about the zero-day flaws to create exploits.

Google Chrome version 103.0.5060.114 fixes all four of the detected vulnerabilities and it will be rolled out over the next few days. Amongst the four, three vulnerabilities have been high severity: CVE-2022-2294, CVE-2022-2295, and CVE-2022-2296.

Ideally, you should look out for the latest updates for Chrome on whatever platform or OS you are using it on to ensure that your browser is safe and has been patched for these vulnerabilities. You can always go to Chrome settings in the browser and check for ‘About Chrome’. If a new update has come it should show or it will get applied automatically.

The Google blog post announcing the update says, “Google is aware that an exploit for CVE-2022-2294 exists in the wild,” which means that it is a zero-day vulnerability. The vulnerability was reported by Jan Vojtesek from the Avast Threat Intelligence team on July 1. Google described it as a “heap buffer overflow” in Chrome’s WebRTC component.

Subscriber Only Stories
After LCH, all eyes on development of indigenous medium lift Indian Multi...Premium
Govt saw fodder crisis coming over two years ago, but plans remained on p...Premium
ExplainSpeaking: As RSS sounds alarm, taking stock of India’s poverty, in...Premium
Svante Paabo awarded Nobel Prize in Medicine: Mapping Neanderthal genomePremium

The other highly-severe vulnerabilities, CVE-2022-2295 and CVE-2022-2296, have been described as a type confusion vulnerability in Chrome’s V8 JavaScript engine and a User after free vulnerability in the Chrome OS Shell.

Google also released Chrome for Android version 103.0.5060.71 which fixes three security vulnerabilities, including CVE-2022-2294 and CVE-2022-2295. The company said that the updated version of the browser for Android will be available on the Play Store in the next few days.

In February this year, CERT-IN (Computer Emergency Response Team), the cybersecurity arm of the Indian government warned the public that Chrome OS could be exploited by hackers who could “bypass several restrictions and execute arbitrary code” to gain full access of the browser due to security vulnerabilities. CERT-IN recommended that users update their browsers to the latest version to avoid security issues.

First published on: 06-07-2022 at 01:07:40 pm
Next Story

Sending signal to China, PM Modi wishes Dalai Lama on his 87th birthday

Latest Comment
Post Comment
Read Comments