They discover a serious vulnerability in Google Chrome that is being exploited

The Windows and Android versions of Google Chrome are affected by a serious vulnerability found in the support of WebRTC, the open source communications protocol that allows audio and video to be transmitted through web pages and applications.

To expose the details, the zero-day security flaw (previously unknown to parties interested in fixing it) is supported by a buffer overflow in WebRTC. Because the vulnerability has been tagged as high severity, Google has not released any information about it and it appears that it will not do so until the patch is widely distributed among Chrome users for Windows and Android.

If the vulnerability is successfully exploited, a malicious website could take control of the entire computer (smartphones are also computers, in case someone is clueless). Fortunately the patch has already begun to be distributed, more specifically in versions 103.0.5060.114 on Windows and 103.0.5060.71 on Android. In the Microsoft system, if Chrome is used regularly, the update should arrive automatically while using the application, but in extreme cases it is possible to force the process by going to the menu > Help > “Google Chrome Information” and As a last resort, uninstall the application and reinstall it.

For its part, in Android Apps are updated through the Play Store app if no custom ROM has been installed, as if so, the Google store may have been superseded by something like F-Droid. But in case of keeping the Android implementation supplied by the smartphone manufacturer, the steps to follow are open the app from the Play Store and click on the user icon in the upper right corner and then do the same on “Manage apps and device”. Once you have accessed the section, click on “Update all”.

Keeping the software up to date is very important to avoid vulnerabilities, although this is not a panacea because malicious actors often keep vulnerabilities in a way that they are not known to the public or the developer, for which ends up becoming a zero-day.

In addition to the WebRTC vulnerability, Google has fixed others, including a type confusion vulnerability that affects V8, the Chromium (and Chrome) JavaScript engine. The Mountain View giant is aware that the vulnerability that affects WebRTC has been exploited, so we recommend updating Google Chrome as soon as possible if the aforementioned versions or higher have not yet been received.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *