Chrome users across all platforms are advised to install the latest update as early as possible.
Google has released new versions of Chrome for Windows, macOS, Linux and Android with fixes for high-severity security loopholes. The company said that one of the fixes is specifically meant for a zero-day vulnerability, which means that hackers have managed to exploit the loophole before it became known to Chrome developers. The updated browser has started rolling out to both Windows and Android users. It would, though, take some time to reach all users. The new release comes a couple of weeks after Google released Chrome 103.
For Windows, macOS, and Linux, Google has released Chrome version 103.0.5060.114 that fixes a total of four security fixes. Three of them are rated with high severity and are tracked as CVE-2022-2294, CVE-2022-2295, and CVE-2022-2296, as the search giant explained in a blog post.
The vulnerability, which is identified as CVE-2022-2296, exists as a heap overflow flaw in the WebRTC component of the Chrome browser that enables real-time audio and video communication, without requiring any third-party plugins or apps.
Crediting Jan Vojtesek from the Avast Threat Intelligence team, Google says that it is “aware that an exploit for CVE-2022-2294 exists in the wild.” It means in simpler terms that the flaw is the new zero-day vulnerability impacting the Chrome browser.
The Chrome update also fixes the high-severity vulnerability CVE-2022-2296, which is a Use-After-Free issue impacting the Chrome OS Shell.
The updated Chrome browser on Android will be available for download through Google Play over the next few days, Google said.
Similarly, the new Chrome release for Windows, macOS, and Linux is said to be rolled out over the coming days or even weeks.
Users are advised to update their Chrome browser as early as possible to avoid instances of getting targeted by hackers since the issues in its existing versions are now public.