If you use Google Chrome on Windows or Android, you need to update ASAP. There’s a new browser update for each platform that includes patches for newly discovered security vulnerabilities. The bad news: One of these security flaws has a known exploit, meaning your browser and its data are at risk unless you update now.
Google confirmed these updates on its Chrome Release blogs for Windows and Android. Windows users will need to update to version 103.0.5060.114, while Android users will see version 103.0.5060.71. The company says these updates patch four security vulnerabilities in Chrome for Windows and three vulnerabilities in Chrome for Android. Oddly, however, Google omitted one of the vulnerabilities from its list:
- [$TBD] High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01
- [$US7500 ($10,412)] High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16
- [$US3000 ($4,165)] High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19 (Desktop only)
While it’s important to protect yourself from every security bug you can, the first of these three is the most concerning: Google confirmed in its update log that there is a known exploit for CVE-2022-2294 in the wild. When an exploit for a security vulnerability exists, it means at least somebody knows how to take advantage of the bug, if they haven’t done so already. That’s dangerous, since the likely billions of Chrome users on Windows and Android will be at risk until the bug is patched and their devices are updated.
CVE-2022-2294 is a heap buffer overflow vulnerability in WebRTC. A buffer overflow occurs when a program writes more data to a memory buffer than that buffer can hold, so the excess spills into adjacent memory. These vulnerabilities are not uncommon, but when they are discovered, malicious users can take advantage of them. If Chrome isn’t fully updated on your PC or Android device, you are at risk.
While Google hasn’t publicly reported exploitation of the other vulnerabilities at this time, it’s likely such exploits will be discovered eventually. The longer you wait to update, the more vulnerabilities there will be to contend with.
For some reason, these security flaws don’t seem to affect Mac or iOS users. As such, you won’t see a new Chrome update on these platforms just yet.
How to update Google Chrome on Windows and Android
To protect your browser and your data, update Chrome now. To do so on Windows, click the three dots in the top-right corner of the browser window, then choose Help > About Google Chrome. Allow Chrome to look for a new update. If one is available, choose “Relaunch” to install the update to your browser.
To update the app on Android, head to the Google Play Store. Search for Google Chrome, then choose “Update” next to the app. If you have automatic updates enabled, the app may update on its own: If you only see an “Open” option, you’re all set.
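If you look after more than one device, the same check can be scripted. The Python below is an added example, not code from Google or from this article: it compares reported Chrome versions against the two patched builds named above. The `host,platform,version` inventory format, the host names and the sample rows are constructed for illustration.

```python
# Added example: audit Chrome versions against the patched builds in the article.
# Inventory format, host names and sample rows are constructed assumptions.

# Minimum patched builds, taken from the article.
PATCHED = {
    "windows": "103.0.5060.114",
    "android": "103.0.5060.71",
}

def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints; return None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def status(platform, version):
    """Classify one install: patched, vulnerable, unknown or not-covered."""
    minimum = PATCHED.get(platform.strip().lower())
    if minimum is None:
        return "not-covered"  # the article gives no build for this platform
    installed = parse_version(version)
    if installed is None:
        return "unknown"      # unparseable version: needs a manual check
    # Compare numerically, field by field. A plain string comparison would
    # rank "103.0.5060.71" above "103.0.5060.114" because "7" > "1".
    return "patched" if installed >= parse_version(minimum) else "vulnerable"

def audit(inventory_text):
    """Return {host: status} for 'host,platform,version' lines."""
    results = {}
    for line in inventory_text.strip().splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            continue  # skip rows that do not match the assumed format
        host, platform, version = fields
        results[host] = status(platform, version)
    return results

SAMPLE_INVENTORY = """
desk-01,Windows,103.0.5060.114
desk-02,Windows,103.0.5060.71
phone-01,Android,103.0.5060.71
phone-02,Android,103.0.5060.70
kiosk-01,Windows,103.0.5060
mac-01,macOS,103.0.5060.53
"""

if __name__ == "__main__":
    for host, result in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {result}")
```

Note that `desk-02` is flagged as vulnerable even though its build matches the patched Android build, because the Windows fix arrived in a later build number.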