Google releases major security update for Chrome

chrome-108 major security update

Google released a security update for its Chrome web browser a moment ago that addresses a major security issue in the browser.

The update is available already, but Chrome users may want to speed up the installation to protect their devices and data. Google notes that malicious actors exploit the issue on the Internet already.

Chrome Download Now

The security update is available for desktop operating systems and for Android.

Chrome 108: how to update

Chrome users may want to open Menu > Help > About Chrome in the browser to display the current version. Chrome runs a check for updates automatically when that page opens. Any update found will be installed automatically.

The following versions should be displayed after the update installation:

  • Chrome for Windows: 108.0.5359.94 or 108.0.5359.95
  • Chrome for Mac or Linux: 108.0.5359.94
  • Extended Stable channel for Mac and Windows: 108.0.5359.94
  • Chrome for Android: 108.0.5359.79

Just compare the listed version with the version that Chrome reports when you open the about page. Updating requires a restart of the web browser to complete the installation process.

Chrome 108: the security issue

Google’s release post on the official Chrome Releases blog reveals some information on the fixed issue.

The most important information conveyed is that the issue is exploited in the wild.

“Google is aware that an exploit for CVE-2022-4262 exists in the wild.”

In other words: Google is aware of attacks that target the security issue. The company does not provide further information, e.g., on the scope of the attacks or where these may be encountered.

Still, in the wild refers to attacks on the Internet that users of the browser may experience. A patched version of Chrome protects against these attacks, while an unpatched Chrome may be attacked successfully.

The security issue has a severity rating of high, which is second only to critical.

The CVE record — CVE stands for Common Vulnerabilities and Exposures — offers additional insights.

“Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)”

Attacks are carried out using webpages. These need to contain attack code to be executed. It is still unclear how widespread the issue is based on the description.

Summary

Chrome users and administrators need to patch the web browser immediately. The update to the latest Chrome 108 version protects the browser against attacks, which are carried out at the time of writing.

The new major security update comes just days after the update to Chrome 108; this update fixed another 28 different security issues in the Chrome web browser.

Chrome includes automatic update functionality, but updates do not happen in real-time. Chrome users may speed up the installation of updates using the method described above.

While that is not necessary for non-security or emergency updates, it is essential when it comes to security updates.

Author: Jesús Bosque

{ "de-DE": "Ich bin Journalist mit über 30 Jahren Erfahrung in Videospielen und Technologie. Obwohl Videospiele schon immer mein Fachgebiet waren, habe ich begonnen, auch die komplexen Strukturen von Projektmanagement-Tools wie Asana sowie die Automatisierungen mit Make.com und N8N zu entdecken und zu genießen.", "en-US": "I’m a journalist with more than 30 years of experience in video games and technology. Although my specialty has always been video games, I’ve recently started enjoying exploring the intricacies of project-management tools like Asana, as well as automations with Make.com and N8N.", "es-ES": "Soy periodista con más de 30 años de experiencia en videojuegos y tecnología. Aunque mi especialidad siempre ha sido el videojuego, he empezado a disfrutar también de descubrir los laberintos de los programas de project management como Asana y las automatizaciones de make.com y de N8N", "fr-FR": "Je suis journaliste avec plus de 30 ans d’expérience dans le jeu vidéo et la technologie. Bien que ma spécialité ait toujours été le jeu vidéo, j’ai commencé à prendre plaisir à explorer également les méandres des outils de gestion de projet comme Asana, ainsi que les automatisations avec Make.com et N8N.", "it-IT": "Sono un giornalista con oltre 30 anni di esperienza nei videogiochi e nella tecnologia. Anche se la mia specialità è sempre stata il videogame, ho iniziato a divertirmi anche a scoprire i meccanismi degli strumenti di project management come Asana e delle automazioni con Make.com e N8N.", "ja-JP": "", "nl-NL": "Ik ben een journalist met meer dan 30 jaar ervaring in videogames en technologie. Hoewel videogames altijd mijn specialiteit zijn geweest, ben ik ook begonnen te genieten van het verkennen van de ingewikkelde wereld van projectmanagementtools zoals Asana en van automatiseringen met Make.com en N8N.", "pl-PL": "Jestem dziennikarzem z ponad 30-letnim doświadczeniem w grach wideo i technologii. Choć moją specjalizacją zawsze były gry wideo, ostatnio zacząłem również czerpać przyjemność z odkrywania zawiłości narzędzi do zarządzania projektami, takich jak Asana, oraz automatyzacji w Make.com i N8N.", "pt-BR": "Sou jornalista com mais de 30 anos de experiência em videogames e tecnologia. Embora meu foco sempre tenha sido os videogames, recentemente passei a gostar de explorar também os labirintos de ferramentas de gestão de projetos como o Asana e das automações com Make.com e N8N.", "social": { "email": "jesus.bosque@softonic.com", "facebook": "", "twitter": "", "linkedin": "" } }