A critical vulnerability is available in the Chrome browser – it is not only dangerous, but, as it turned out, has been actively in use by hackers for some time. It is known that Google already released the update that fixes it earlier this week, but so far it may not have reached all users.
We know that stable builds 104.0.5112.101 for macOS and Linux and version 104.0.5112.102/101 for Windows are already available. Normally, the update automatically installs on the user’s computer, but just in case, it’s worth checking the browser in the “Settings” menu – some users indicate that the download of the update begins only after entering the appropriate section.
A critical vulnerability in Google Chrome: you should update the browser immediately
We know that the update includes 11 security fixes, ranging from “critical” to “medium”. Google does not disclose details until most users update the software.
Although there is one critical bug in the list, the most dangerous is probably the “high” level vulnerability CVE-2022-2856 – for it, according to the official Chrome Releases blog, there is already an exploit actively in use by hackers for it. According to the Dark Reading portal, the vulnerability allows malicious sites to execute arbitrary code on a user’s computer.
In other words, hackers know about the vulnerability. So it’s worth updating as soon as possible if the current version of the web browser is not the latest.
Gizchina News of the week
Last month, Google has also released an urgent update to its proprietary Chrome browser for Windows.
Chrome update 103.0.5060.114 had a fix for a serious zero-day vulnerability CVE-2022-2294, which was actively in exploitation by attackers. The vulnerability had a high severity level. Google has not yet disclosed details about the vulnerability and its use in order not to give cybercriminals additional information.
However, we already know that we are talking about a buffer overflow vulnerability. It was the discovery by Jan Vojtěsek from Avast in the WebRTC (Web Real-Time Communications) component.