Saturday, December 10, 2022
Home Events There's another huge security Google Chrome update you should install right away

There’s another huge security Google Chrome update you should install right away

Audio player loading…

If your Google Chrome build has yet to update automatically, now would be a good time to initiate manual update (opens in new tab), the company has said.

Google has released Chrome 104, the next version of its popular browser (opens in new tab) containing fixes to a couple of high-severity flaws.

Chrome 104 has just been released for Windows, Mac, and Linux, and it addresses a total of 27 flaws, 15 of which are of medium severity, and seven of which are of high severity. Google says these are not being exploited in the wild right now, but that’s something that can change at any moment. The high severity flaws affect the Omnibox, Safe Browsing, Dawn WebGPU, as well as Nearby Share, and among the medium severity flaws is a side-channel information leakage issue affecting the keyboard input.

Replacing U2F API

The Omnibox issue, a memory-related “use after free” flaw, is tracked as XCVE-2022-2603, with Google reportedly paying a $15,000 bounty to the finders. The Safe Browsing flaw is tracked as CVE-2022-2604, while the Nearby Share is tracked as CVE-2022-2609.

As usual, Google is being tight-lipped on the details, until the majority of endpoints have been patched.

For Chrome 104, Google has also replaced U2F API, the original security key API for Chrome, with Web Authentication (WebAuthn) API. 

The latter had been standard for some three years now, but despite it being around for long, some websites will still need to migrate to the new API.

“U2F never became an open web standard and was subsumed by the Web Authentication API (launched in Chrome 67). Chrome never directly supported the FIDO U2F JavaScript API, but rather shipped a component extension called cryptotoken… U2F and Cryptotoken are firmly in maintenance mode and have encouraged sites to migrate to the Web Authentication API for the last two years,” Google said.

  • Get ultimate device protection with the very best antivirus (opens in new tab)

Via: ZDNet (opens in new tab)

- Advertisment -

Most Popular

London Knights edge first-place Ottawa 67s in a shootout

On a day when both quarter-final matches at the World Cup of soccer were decided in shootouts, the London Knights and the Ottawa 67s...

More than 20 coolers wash up in Alaska from MV Zim Kingston cargo spill

A recreational pilot has collected 23 coolers from beaches on the central Gulf of Alaska believed to be cargo spilled from the MV Zim...

Stellantis is blaming EVs for its upcoming Jeep layoffs

/ It’s halting work at a facility in Illinois, potentially affecting over a thousand workers.One of Stellantis’ EV concept vehicles. Image: StellantisStellantis,...

Vancouver’s Sir Matthew Begbie Elementary officially renamed ‘wək̓ʷan̓əs tə syaqʷəm’

An elementary school in Vancouver has become the latest to replace its name with an Indigenous one, as governments and communities work to decolonize...