The manufacturer has closed several security gaps in the Google Chrome web browser. Attackers are already abusing one of them in the wild.
Google has released version 103.0.5060.114 of the Chrome web browser for Windows, which closes four security holes. The manufacturer classifies at least three of these as high risk. In addition, exploit code for one of the vulnerabilities exists in the wild, the developers write. The updated version 103.0.5060.71 of Chrome for Android is also available and likewise closes the actively abused vulnerability.
Exploit code circulating
The bug for which malicious code is already circulating resides in WebRTC (Web Real-Time Communication), a suite of protocols for web communication (CVE-2022-2294, risk “high”). Avast security researchers discovered it and reported it on July 1st. As usual, Google has not given any further details, in order to protect users until they have installed the available update.
Another briefly described vulnerability surprisingly affects a Chrome OS shell, which the browser apparently comes with (CVE-2022-2296, high). A use-after-free vulnerability there can give cybercriminals a point of attack.
Manually trigger browser update
Since one of the vulnerabilities is already being exploited in the wild, users should quickly check whether they are using the current version. To do this, they have to click on the “three-dot menu” in the upper right corner, next to the address bar, and then go to “Help” – “About Google Chrome”. Either Chrome will then already display the current version number, or this will trigger the download and installation of the update.
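For administrators who need to run the same check across many machines, the following added example (not part of the original article) compares reported Chrome versions against the fixed builds named above. The inventory format, host names and function names are assumptions made for illustration, and the sample lines are constructed.

```python
# Added example: flag Chrome installs older than the fixed builds in the article.
# Fixed builds as stated in the article; other platforms are not listed there.
FIXED = {
    "windows": "103.0.5060.114",
    "android": "103.0.5060.71",
}

# Constructed sample inventory: host,platform,version (hypothetical hosts).
SAMPLE_INVENTORY = """\
ws-01,windows,103.0.5060.114
ws-02,windows,103.0.5060.66
ws-03,windows,103.0.5060.99
ph-01,android,103.0.5060.71
ph-02,android,103.0.5060.70
ws-04,windows,unknown
mac-01,macos,103.0.5060.53
"""

def parse_version(text):
    """Return a 4-tuple of ints for a dotted Chrome version, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(platform, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one install."""
    fixed = FIXED.get(platform.strip().lower())
    current = parse_version(version)
    if fixed is None or current is None:
        return "unknown"  # no fixed build on the page, or unparseable version
    # Compare numerically: as strings, "103.0.5060.99" sorts above
    # "103.0.5060.114" and an outdated build would pass as current.
    return "patched" if current >= parse_version(fixed) else "vulnerable"

def audit(inventory):
    """Map host -> status for 'host,platform,version' lines; skip malformed lines."""
    results = {}
    for line in inventory.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            continue
        host, platform, version = fields
        results[host] = classify(platform, version)
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" still need a manual check via “Help” – “About Google Chrome”.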