October 4, 2022

Google Chrome Security Update

There’s a new Google Chrome security update you should install right now. According to the manufacturer, if your Google Chrome build hasn’t updated automatically, it would be wise to start a manual upgrade right away.

The newest version of Google’s well-known browser, Chrome 104, has been made available. It contains solutions for a few high-severity bugs.

Recently, Chrome 104 for Windows, Mac, and Linux was released. This version fixes 27 bugs, 15 of which are of medium severity and 7 of high severity. Google claims that these are not currently being used in the wild, but that could change at any time.

Omnibox, Safe Browsing, Dawn WebGPU, and Nearby Share are all affected by faults of high severity. A side-channel information leakage problem impacting keyboard input is one of the defects of medium severity.

Google Chrome security update: changing U2F API

The Omnibox weakness, a memory-related “use after free” vulnerability, is listed as XCVE-2022-2603, and Google is said to have offered a $15,000 reward to anyone who can discover it. The Nearby Share vulnerability is listed as CVE-2022-2609, whereas the Safe Browsing vulnerability is tracked as CVE-2022-2604.

Google is keeping quiet about the specifics until the majority of endpoints have been fixed, as is customary.

Web Authentication (WebAuthn) API has been added by Google as a replacement for U2F API, the original security key API for Chrome.

The latter has been the norm for around three years. Yet even after all this time, some websites still need to switch over to the new API.

“U2F was replaced by the Web Authentication API, although it never became an open web standard (launched in Chrome 67). Chrome shipped a component extension called cryptotoken rather than directly supporting the FIDO U2F JavaScript API. For the past two years, U2F and Cryptotoken have urged websites to switch to the Web Authentication API while they are firmly in maintenance mode “explained Google.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: