Google Chrome 103 hit the Stable channel a couple of weeks ago with a bunch of new features, including a pre-rendering mechanism for faster page loads and the ability for web apps to access local fonts. Now, Google has rolled out another update for its browser to fix some security issues, including a 0-day vulnerability.
Chrome for Windows has been updated to version 103.0.5060.114 and it includes four security fixes, three of which were outlined by Google:
- High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01
- High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16
- High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19
The first high-severity vulnerability in the list is a 0-day, and as such, Google hasn't publicly revealed the details about it yet. While the people who reported the second and third flaws are entitled to $7,500 and $3,000 as a reward respectively, the monetary award for the 0-day is yet to be decided.
Chrome for Windows isn't the only version that received these patches, though. Chrome for Android has fixes for CVE-2022-2294 and CVE-2022-2295 in version 103.0.5060.71. Meanwhile, the Chrome Extended Stable channel for Windows and Mac, which is still on version 102, received a fix for CVE-2022-2294 in version 102.0.5005.148 too.
You can click on the three-dot menu at the top right of your Chrome window and navigate to Help > About Google Chrome to see if the update is available for you.