There’s another huge security Google Chrome update you should install right away
A number of high severity flaws Google Chrome flaws have been fixed, so patch now
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
If yourGoogle Chromebuild has yet to update automatically, now would be a good time to initiate manualupdate, the company has said.
Googlehas released Chrome 104, the next version of its popularbrowsercontaining fixes to a couple of high-severity flaws.
Chrome 104 has just been released for Windows, Mac, and Linux, and it addresses a total of 27 flaws, 15 of which are of medium severity, and seven of which are of high severity. Google says these are not being exploited in the wild right now, but that’s something that can change at any moment. The high severity flaws affect the Omnibox, Safe Browsing, Dawn WebGPU, as well as Nearby Share, and among the medium severity flaws is a side-channel information leakage issue affecting the keyboard input.
Replacing U2F API
The Omnibox issue, a memory-related “use after free” flaw, is tracked as XCVE-2022-2603, with Google reportedly paying a $15,000 bounty to the finders. The Safe Browsing flaw is tracked as CVE-2022-2604, while the Nearby Share is tracked as CVE-2022-2609.
As usual, Google is being tight-lipped on the details, until the majority ofendpointshave been patched.
Google Chrome users told to update immediately or risk attack>Chrome update will soon help you stop making a huge security mistake>Remove viruses and ransomware with the best malware removal software around
For Chrome 104, Google has also replaced U2F API, the original security key API for Chrome, with Web Authentication (WebAuthn) API.
The latter had been standard for some three years now, but despite it being around for long, some websites will still need to migrate to the new API.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“U2F never became an open web standard and was subsumed by the Web Authentication API (launched in Chrome 67). Chrome never directly supported the FIDO U2F JavaScript API, but rather shipped a component extension called cryptotoken… U2F and Cryptotoken are firmly in maintenance mode and have encouraged sites to migrate to the Web Authentication API for the last two years,” Google said.
Via:ZDNet
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
7 myths about email security everyone should stop believing
Best Usenet client of 2024
This new malware utilizes a rare programming language to evade traditional detection methods
