Google Chrome 104: Fixes a critical security issue and an issue exploited in the wild

Google released a new version of the company’s Google Chrome browser on August 16, 2022. The new stable release is a security update for the browser that fixes 11 security issues.

It fixes a critical security vulnerability in the browser and a high-severity security issue that is exploited in the wild.

The update is also available for the Extended Stable channel, a longer-term support release of Chrome for businesses and enterprise users.

The update is already available, but will be distributed in waves. Chrome users who want to update to the new version immediately need to select Menu > Help > About Google Chrome or load chrome://settings/help directly in the browser.

Chrome displays the current version of the browser while also checking for updates. The new update will then be downloaded and installed automatically. A restart is required to complete the update.

Security update for Chrome 104

Google released the first version of Chrome 104 in early August. That release fixed 27 security vulnerabilities in the browser.

The stable channel is updated to 104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows when installing the update. Extended stable channel installations are updated to 104.0.5112.101 for Mac and 104.0.5112.102 for Windows.
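The build numbers above can be used to check an inventory of installations. The following is an added example, not code from the article or from Google; the inventory format, host names and function names are assumptions, and the sample data is constructed.

```python
import re

# Patched builds as stated in the article, keyed by (platform, channel).
# Windows stable ships as .102 or .101, so .101 is the floor there.
PATCHED = {
    ("mac", "stable"): (104, 0, 5112, 101),
    ("linux", "stable"): (104, 0, 5112, 101),
    ("windows", "stable"): (104, 0, 5112, 101),
    ("mac", "extended"): (104, 0, 5112, 101),
    ("windows", "extended"): (104, 0, 5112, 102),
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

# Constructed sample inventory (assumed format: host,platform,channel,version).
SAMPLE = """\
ws-01,windows,stable,Google Chrome 104.0.5112.102
ws-02,windows,stable,Google Chrome 104.0.5112.81
mac-01,mac,stable,Google Chrome 104.0.5112.101
lin-01,linux,stable,Google Chrome 103.0.5060.134
ws-03,windows,extended,104.0.5112.101
kiosk-01,windows,stable,not installed
"""

def parse_version(text):
    """Return the four-part version in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def assess(platform, channel, version_text):
    """Classify one installation as 'patched', 'outdated' or 'unknown'."""
    floor = PATCHED.get((platform.strip().lower(), channel.strip().lower()))
    version = parse_version(version_text)
    if floor is None or version is None:
        return "unknown"
    # Tuples compare numerically: build 81 < 101 (a string compare says otherwise).
    return "patched" if version >= floor else "outdated"

def audit(inventory):
    """Map each host in the inventory text to its status."""
    report = {}
    for line in inventory.strip().splitlines():
        fields = line.split(",", 3)
        if len(fields) == 4:
            host, platform, channel, version_text = fields
            report[host.strip()] = assess(platform, channel, version_text)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Combinations the article does not list, such as Extended Stable on Linux, are reported as unknown rather than guessed.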

The release announcement lists all security issues reported to Google by outside researchers. Google does not list internally discovered security issues.

  • [$NA][1349322] Critical CVE-2022-2852: Use after free in FedCM. Reported by Sergei Glazunov of Google Project Zero on 08/02/2022
  • [$7000][1337538] High CVE-2022-2854: Use after free in SwiftShader. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. ltd on 06/18/2022
  • [$7000][1345042] High CVE-2022-2855: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. ltd on 07/16/2022
  • [$5000][1338135] High CVE-2022-2857: Use after free in Blink. Reported by Anonymous on 06/21/2022
  • [$5000][1341918] High CVE-2022-2858: Use after free in Sign-In Flow. Reported by Rabe at the KunLun lab on 07/05/2022
  • [$NA][1350097] High CVE-2022-2853: Heap buffer overflow in downloads. Reported by Sergei Glazunov of Google Project Zero on 08/04/2022
  • [$NA][1345630] High CVE-2022-2856: Insufficient validation of untrusted input in intents. Reported by Ashley Shen and Christian Resell of the Google Threat Analysis Group on 07/19/2022
  • [$3000][1338412] Medium CVE-2022-2859: Use after free in Chrome OS Shell. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 06/22/2022
  • [$2000][1345193] Medium CVE-2022-2860: Inadequate policy enforcement in cookies. Reported by Axel Chong on 07/18/2022
  • [$TBD][1346236] Medium CVE-2022-2861: Inappropriate implementation in extension API. Reported by Rong Jian of VRI on 07/21/2022

The list contains one security issue rated critical. The remaining security issues are rated high or medium. The critical issue was discovered in FedCM, the Federated Credential Management API.

Google mentions that the CVE-2022-2856 security issue is being exploited in the wild. The issue is classified as high and is described as “Insufficient validation of untrusted input in intents”.

Chrome desktop users should consider updating the browser as soon as possible to fix the security issues and protect their data from attacks targeting these issues. Expect updates from other Chromium-based browsers in the coming days and weeks.

Now you: Do you use Google Chrome?

Author: Martin Brinkmann

Publisher: Ghacks technology news
