Google published a new security update for the company’s Chrome web browser that addresses three security issues in the browser. The new update comes less than a week after the release of Chrome 106, which addressed a total of 20 security issues in Chrome.
The new security update is available already. Chrome is updated automatically by default, but updates may happen days or even weeks after the release. It is better, often, to install the update manually to protect the browser against potential attacks targeting the security issues.
To do so, load chrome://settings/help in the browser’s address bar or go to Menu > Help > About Google Chrome. Chrome displays the current version that is installed and runs a check for updates. The check will pick up the new security update and install it in the browser.
Once installed Chrome Stable should display version 106.0.5249.91 and Chrome Extended Stable should display version 106.0.5249.91, which can be checked on the Help page.
Google reveals that two of the reported security issues have a severity rating of high. High is the second-highest rating after critical. One security issue was detected internally, and that means that it is not revealed by the company to the public.
- [$7000] High CVE-2022-3370: Use after free in Custom Elements. Reported by Aviv A. on 2022-09-22
- [$10000] High CVE-2022-3373: Out of bounds write in V8. Reported by Tibor Klajnscek on 2022-09-21
Google makes no mention of exploits in the wild, but there is always the chance that the company has not detected them yet or that attacks begin after the release of the security updates for Chrome.
Chrome users may check the official announcements for Chrome Stable and Chrome Extended Stable, but they don’t provide any additional details. other than a link to the update log, which lists changes meticulously.
Other Chromium-based browsers may post updates, as they may be affected by some of the reported security issues as well.
Now You: do you have Chrome installed on your devices?