The web browser is the main connection between our PC and the rest of the Internet. For this reason, it is essential that developers carry out frequent maintenance on it, being able to detect possible security flaws before it is too late and endangers users. Google Chrome, for example, is the most widely used browser in the world, with a market share of nearly 70%. And, although Google usually does a good job, sometimes we can be exposed simply by using this browser, as has just happened with the new version 103 of it.
This same morning, Google launched an emergency update of the chrome version 103 with which it addressed a series of security flaws detected in it. With this patch, Chrome corrected a total of 4 security flaws, of which it has only revealed information about 3 of them (all three are highly dangerous):
- CVE-2022-2294: a buffer overflow security flaw in WebRTC.
- CVE-2022-2295: a type confusion error in the V8 engine.
- CVE-2022-2296: Resource usage crash after completion in Chrome OS console.
Although none of them has been considered a critical bug, the first on the list, CVE-2022-2294, is a bug that, as Google has warned, is being actively exploited on the network. Hackers are taking advantage of this Web Real-Time Communications standard to hack users using the browser simply by making them open a URL.
For security reasons, Google has not provided more information about this vulnerability, so only security researchers and company engineers have access to the technical details of it. When most of the users are protected, then they will release the related information about this bug to be able to know it in more detail. What we know nothing about, and probably will not know, is the fourth vulnerability.
Update Chrome in seconds
As usual, unless we have changed the default settings of Chrome, the browser should automatically update on our PC without us having to do anything. In any case, we can check the installed version, and force the update, by writing “chrome://settings/help” in the address bar, and looking at the “Chrome Information” section.
Once the update is installed, the browser is placed in the version 103.0.5060.114. And we can continue sailing without fear, as long as we do not forget common sense. If we still do not have the browser installed, we can also download and install Chrome from scratch to automatically place ourselves in this secure version. At least for now, until a new zero-day bug appears.
Counting this bug, there are already 4 zero-day vulnerabilities that have affected Google Chrome so far this year. It’s clear that hackers are getting serious about finding and exploiting security flaws, so it’s vital to make sure your browser, operating system, and all programs are always up to date.