The Google Chrome web browser is estimated to have over three billion users across all platforms. Desktop users, whether Linux, Mac or Windows, are urged to update their browsers as soon as possible as nine new security vulnerabilities, including one rated critical, are confirmed by Google.
New Critical Google Chrome Web Browser Vulnerability Confirmed
In a June 21 post to Google’s Chrome release channel, a security update was confirmed that resolves a total of 14 issues. Nine of them are vulnerabilities that have been assigned Common Vulnerabilities and Exposures (CVE) identifiers, with ratings ranging from low to critical.
Although, to the best of my knowledge, none of the listed security vulnerabilities have been exploited by attackers at this time, the threat window is still open and the attack clock is ticking. As such, it’s important to take this update warning seriously.
But don’t just take my word for it: the Cybersecurity & Infrastructure Security Agency (CISA) also advised users to apply the necessary update on all operating system platforms, as an attacker could exploit the vulnerabilities to take control of a targeted device.
Google awards $44,000 in bug bounties to Chrome security researchers
Indeed, the nine listed vulnerabilities were taken seriously enough by Google to net the security researchers who discovered them a total of $44,000 in bug bounties.
I recommend that you urgently apply this latest Chrome 103 security update, which Google says will “roll out in the coming days/weeks.” Don’t wait for the automatic update to arrive; even once it has, the required browser restart can be left pending for days or weeks, depending on individual browser use cases. Instead, navigate to the Help | About Google Chrome menu option to force a check for the update and automatically download and install it. Of course, you will still need to restart your browser to ensure that the update has been applied and protects you from potential harm.
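For anyone checking more than one machine, the same check can be scripted. The following is an added example, not code from Google or from this article: it compares each host's installed and running Chrome versions against the 103.0.5060.53 build this update ships, and flags hosts where the update is on disk but the browser has not been restarted. The inventory format and host names are assumptions, and the sample data is constructed.

```python
import re

# Fixed build named in this article.
FIXED = (103, 0, 5060, 53)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def status(installed, running):
    """Classify one host from its installed (on disk) and running version strings."""
    inst, run = parse_version(installed), parse_version(running)
    if inst is None or run is None:
        return "unknown"
    if run >= FIXED:
        return "patched"
    if inst >= FIXED:
        # Update downloaded, but the old build is still the one executing.
        return "restart-pending"
    return "outdated"


def audit(inventory):
    """Map each host name to its status."""
    return {host: status(v.get("installed"), v.get("running"))
            for host, v in inventory.items()}


# Constructed sample inventory (hypothetical hosts and collection format).
SAMPLE = {
    "ws-01": {"installed": "Google Chrome 103.0.5060.53",
              "running": "Google Chrome 103.0.5060.53"},
    "ws-02": {"installed": "Google Chrome 103.0.5060.53",
              "running": "Google Chrome 102.0.5005.115"},
    # Compared as plain strings, "99..." sorts after "103..."; tuples of ints do not.
    "ws-03": {"installed": "Google Chrome 99.0.4844.84",
              "running": "Google Chrome 99.0.4844.84"},
    "ws-04": {"installed": "chrome: command not found", "running": ""},
}

if __name__ == "__main__":
    for host, state in sorted(audit(SAMPLE).items()):
        print(f"{host}: {state}")
```

Hosts reported as restart-pending are the case the paragraph above warns about: the fix is installed but not yet protecting the running browser.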
What security vulnerabilities are addressed by the Chrome 103.0.5060.53 update?
So what are the most important vulnerabilities to fix in this Chrome version 103.0.5060.53 update?
Top of the shop is the critical CVE-2022-2156, a use-after-free vulnerability discovered by an internal Google Project Zero researcher.
There are also two high-rated vulnerabilities: CVE-2022-2157, another use-after-free, and CVE-2022-2158, a type confusion problem.
The three medium-risk and three low-risk vulnerabilities are, in order, as follows: CVE-2022-2160 (insufficient policy enforcement in DevTools), CVE-2022-2161 (use after free in WebApp provider), CVE-2022-2162 (insufficient enforcement of policies in the file system API), CVE-2022-2163 (use after free in Cast UI and toolbar), CVE-2022-2164 (inappropriate implementation in the Extensions API) and CVE-2022-2165 (insufficient data validation in URL formatting).