It is estimated that the Google Chrome web browser has a userbase in excess of three billion across platforms. Desktop users, be they of the Linux, Mac or Windows persuasion, are advised to update their browser as soon as possible as nine new security vulnerabilities, including one rated critical, are confirmed by Google.
Critical new Google Chrome web browser vulnerability confirmed
In a June 21 posting to Google’s Chrome releases channel, a security update was confirmed that fixes a total of 14 issues. Nine of these are vulnerabilities that have been given Common Vulnerabilities and Exposures (CVE) ratings from low right up to critical.
Although, as far as I am aware, none of the security vulnerabilities listed have been exploited by attackers at this time, the threat window is still open and the attack clock ticking. As such, it’s important to take this warning to update seriously.
But don’t just take my word for it, the Cybersecurity & Infrastructure Security Agency (CISA) has also advised users to apply the necessary update across operating system platforms as an attacker could exploit the vulnerabilities to take control of a targeted device.
Google awards $44,000 in bug bounty payments to Chrome security researchers
Indeed, the nine listed vulnerabilities have been taken seriously enough by Google to earn the security researchers who uncovered them a total of $44,000 in bug bounty payments.
I recommend you kick-start this latest Chrome 103 security update, which Google says will “roll out in the coming days/weeks” as a matter of urgency. Don’t wait for the automatic update to arrive, which can sometimes be sitting there waiting for the required browser restart for days or weeks given individual browser use cases. Instead, go to the Help|About option in your Google Chrome menu to force an update check and automatically download and install it. You will, of course, still need to restart your browser to ensure the update has been implemented and is protecting you from potential harm.
What are the security vulnerabilities fixed by the Chrome 103.0.5060.53 update?
So, what are the most important vulnerabilities to be fixed in this update to Chrome version 103.0.5060.53?
Top of the shop is the critical-rated CVE-2022-2156, a use after free vulnerability discovered by an in-house Google Project Zero researcher.
There are also two high-rated vulnerabilities: CVE-2022-2157, another use after free, and CVE-2022-2158, a type confusion issue.
The three medium and three low-risk vulnerabilities are, in order, as follows: CVE-2022-2160 (insufficient policy enforcement in DevTools), CVE-2022-2161 (use after free in WebApp provider), CVE-2022-2162 (insufficient policy enforcement in File System API), CVE-2022-2163 (use after free in Cast UI and toolbar), CVE-2022-2164 (inappropriate implementation in Extensions API) and CVE-2022-2165 (insufficient data validation in URL formatting).
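A defender's check for the advice above, added here as an example and not part of the original article: it parses the version string Chrome reports and compares it numerically against the fixed build 103.0.5060.53 named in the update, so a fleet inventory can flag browsers still exposed to these nine CVEs. The inventory lines are constructed sample data; hostnames and helper names are assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixed build named in the Chrome 103 stable update described on the page.
FIXED_VERSION = "103.0.5060.53"

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_chrome_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract the four-part build number from strings such as
    'Google Chrome 103.0.5060.53' or 'Chromium 102.0.5005.115'
    (the format 'chrome --version' prints). Returns None if absent."""
    match = _VERSION_RE.search(text)
    if not match:
        return None
    major, minor, build, patch = (int(part) for part in match.groups())
    return (major, minor, build, patch)


def is_patched(version_text: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed build is at or above the fixed build.
    Fields are compared as integers: a plain string comparison would
    wrongly rank '103.0.5060.9' above '103.0.5060.53'."""
    installed = parse_chrome_version(version_text)
    fixed_version = parse_chrome_version(fixed)
    if installed is None or fixed_version is None:
        raise ValueError(f"no Chrome version found in: {version_text!r}")
    return installed >= fixed_version


# Constructed sample inventory, as an endpoint agent might report it
# (hostnames and versions are made up for this example).
SAMPLE_INVENTORY: Dict[str, str] = {
    "host-a": "Google Chrome 103.0.5060.53",
    "host-b": "Google Chrome 102.0.5005.115",
    "host-c": "Chromium 103.0.5060.114",
}


def unpatched_hosts(inventory: Dict[str, str]) -> List[str]:
    """Names of hosts whose reported Chrome build predates the fix."""
    return sorted(host for host, line in inventory.items()
                  if not is_patched(line))


if __name__ == "__main__":
    for host in unpatched_hosts(SAMPLE_INVENTORY):
        print(f"{host}: update to {FIXED_VERSION} or later and restart")
```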