Google Fixes Zero-Day Chrome Flaw for Windows & Android
It’s not uncommon for Google to issue new software updates for Chrome. In fact, the company issues at least one a month like clockwork. However, last week, we saw something slightly unusual: Not only did Google release a security update for Chrome for Windows, it simultaneously released the update for Android as well.
Google unveiled Chrome version 103.0.5060.114 for Windows and Chrome version 103.0.5060.71 for Android on Monday, July 4. The company released these updates specifically to tackle security vulnerabilities found in previous versions of Chrome. The Windows update patches four such vulnerabilities, while the Android update patches three. However, Google’s blogs do not identify one of these vulnerabilities, so we don’t know much about that one at this time.
The following are the vulnerabilities Google acknowledged it patched:
- [$TBD] High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01
- [$7500] High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16
- [$3000] High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19 (Windows)
The first vulnerability listed, CVE-2022-2294, is the most interesting, as it’s a zero-day flaw. Google confirmed an exploit for the vulnerability exists in the wild, which poses a risk to anyone who does not update Chrome to this latest patch. It isn’t known how widespread the knowledge of the exploit is, but, hypothetically, a bad actor could use it to attack your system.
How to update Chrome for Windows and Android
On Windows, click the three dots in the top right corner of your window, hover over “Help,” then choose “About Google Chrome.” From here, allow Chrome to search for an update. When it’s available, hit “Relaunch” to relaunch Chrome with the patch installed. On Android, you can update Chrome from the Play Store. Simply search for the app, then tap “Update” when it appears next to the app’s name.
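To confirm the update landed on more than one device, the version shown under “About Google Chrome” can be compared with the patched builds named above. The following is an added example, not code from Google or from this article; the inventory format, host names and sample versions are constructed for illustration.

```python
import re

# Patched builds as stated in the article (released July 4, 2022).
PATCHED = {
    "windows": (103, 0, 5060, 114),
    "android": (103, 0, 5060, 71),
}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a Chrome version."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(platform, version_text):
    """Return 'patched', 'outdated' or 'unknown' for one install."""
    floor = PATCHED.get(platform.strip().lower())
    version = parse_version(version_text)
    if floor is None or version is None:
        return "unknown"  # never report an unparsable entry as safe
    # Compare field by field as numbers: as plain strings,
    # "103.0.5060.66" would sort after "103.0.5060.114".
    return "patched" if version >= floor else "outdated"

def audit(inventory_csv):
    """Classify each 'host,platform,version' line of an inventory."""
    results = []
    for line in inventory_csv.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            results.append((line, "unknown"))
            continue
        host, platform, version = fields
        results.append((host, classify(platform, version)))
    return results

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = """
# host,platform,version
desk-01,windows,103.0.5060.114
desk-02,windows,103.0.5060.66
phone-01,android,103.0.5060.71
phone-02,android,103.0.5060.70
desk-03,windows,104.0.5112.20
kiosk-01,windows,not-installed
"""
```

Calling `audit(SAMPLE_INVENTORY)` returns one `(host, status)` pair per line; entries marked `unknown` need a manual check rather than being treated as up to date.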
Cover photo by Deepanker Verma/Pexels