The user base of Google Chrome is more than three billion, across all platforms. Desktop users, whether on Windows, Mac, or Linux, should update their browser as soon as possible to protect against nine security flaws, one of which is rated critical by Google.
New Google Chrome web browser vulnerability discovered
A security update that addresses 14 issues was posted to the Google Chrome releases channel on June 21. These vulnerabilities, each tracked under a Common Vulnerabilities and Exposures (CVE) identifier, have been rated from low to critical.
While I’m not aware of any attackers exploiting the security flaws listed, the threat window remains open and the attack clock is ticking. It is important that you take this warning to upgrade seriously.
Don’t take my word for this: the Cybersecurity & Infrastructure Security Agency (CISA) also recommends that users update across operating system platforms. An attacker could use the vulnerabilities to gain control of a targeted device.
Google offers $44,000 in bug bounty payments for Chrome security researchers
Google paid $44,000 to security researchers who discovered the vulnerabilities.
As a matter of urgency, I recommend that you immediately activate the latest Chrome 103 security updates. Google claims it will “rollout in the coming days/weeks”. Do not wait for the automatic update to arrive. Sometimes, depending on the browser’s use case, it can sit there waiting for a browser restart for several days or even weeks. Use the About option in your Google Chrome menu to force an update check and automatically download and install the update. To ensure that the update is installed and protecting you from harm, you will need to restart your browser.
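To confirm that machines are actually on the fixed build after the restart, the version each browser reports can be compared against 103.0.5060.53. The following is an added example, not part of the original article; the host names and version strings in the sample inventory are constructed, and the strings are assumed to be copied from the browser's About page or `--version` output.

```python
import re

# Fixed build named in the article.
FIXED_BUILD = (103, 0, 5060, 53)

# Four-part dotted version anywhere in the reported string.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a 4-tuple of ints, or None if none is found."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_output, fixed=FIXED_BUILD):
    """Classify one reported version string against the fixed build."""
    version = parse_version(version_output)
    if version is None:
        return "unknown"  # treat as unverified, not as safe
    # Integer tuples compare numerically per component. A plain string
    # comparison would wrongly rank "103.0.5060.9" above "103.0.5060.53".
    return "patched" if version >= fixed else "needs-update"


def audit(inventory):
    """Map each host to its status given {host: reported version string}."""
    return {host: classify(output) for host, output in inventory.items()}


# Constructed sample inventory (not real hosts or real scan output).
SAMPLE_INVENTORY = {
    "desk-01": "Google Chrome 103.0.5060.53",
    "desk-02": "Google Chrome 102.0.5005.115",
    "desk-03": "Google Chrome 103.0.5060.9",
    "desk-04": "Google Chrome 104.0.5112.20 beta",
    "desk-05": "command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

A host that still reports an older build after the update was downloaded is usually one where the browser has not been restarted yet.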
What security vulnerabilities are fixed by Chrome 103.0.5060.53?
What are the top vulnerabilities that Chrome version 103.0.5060.53 will fix?
CVE-2022-2156 tops the list. This critical vulnerability was discovered by an internal Google Project Zero researcher.
Two high-rated vulnerabilities are CVE-2022-2157 and CVE-2022-2158. This is a type confusion issue.
In order of risk, the three medium- and three low-risk vulnerabilities are: CVE-2022-2161 (insufficient policy enforcement within DevTools), CVE-2022-2161 (WebApp provider), CVE-2022-2162 (insufficient policy enforcement in File System API), CVE-2022-2163 (Cast UI and toolbar), an issue in the Extensions API, and CVE-2022-2165 (insufficient data validation for URL formatting).