• June 7, 2023

Adobe Reports After The Close On 6/15 — Options Contracts Expire The Next Day

According to NextEarningsDate.com, the Adobe next earnings date is projected to be 6/15 after the close, with earnings estimates of $3.53/share on $4.78 Billion of revenue. Looking back, the recent Adobe …

Apple TV And The Criterion Channel Outrage Film Fans By Censoring Classic Movie

The grim debate over whether it’s acceptable to edit older works of art to cater for modern ‘sensitivities’ has raised its head again with the discovery by eagle eyed film fans …

Things To Consider When Using Real Estate Leveraging To Build Wealth

Investors are constantly bombarded with conflicting information on debt, in small soundbites without much additional context. If you scour the internet for influencers’ takes on debt, you’ll see two major schools …

It is estimated that the Google Chrome web browser has a userbase in excess of three billion across platforms. Desktop users, be they of the Linux, Mac or Windows persuasion, are advised to update their browser as soon as possible as nine new security vulnerabilities, including one rated critical, are confirmed by Google.

Critical new Google Chrome web browser vulnerability confirmed

In a June 21 posting to Google’s Chrome releases channel, a security update was confirmed that fixes a total of 14 issues. Nine of these are vulnerabilities that have been given Common Vulnerabilities and Exposures (CVE) ratings from low right up to critical.

Although, as far as I am aware, none of the security vulnerabilities listed have been exploited by attackers at this time, the threat window is still open and the attack clock ticking. As such, it’s important to take this warning to update seriously.

But don’t just take my word for it, the Cybersecurity & Infrastructure Security Agency (CISA) has also advised users to apply the necessary update across operating system platforms as an attacker could exploit the vulnerabilities to take control of a targeted device.


Google awards $44,000 in bug bounty payments to Chrome security researchers

Indeed, the nine listed vulnerabilities have been taken seriously enough by Google to earn the security researchers who uncovered them a total of $44,000 in bug bounty payments.

I recommend you kick-start this latest Chrome 103 security update, which Google says will “roll out in the coming days/weeks” as a matter of urgency. Don’t wait for the automatic update to arrive, which can sometimes be sitting there waiting for the required browser restart for days or weeks given individual browser use cases. Instead, go to the Help|About option in your Google Chrome menu to force an update check and automatically download and install it. You will, of course, still need to restart your browser to ensure the update has been implemented and is protecting you from potential harm.

What are the security vulnerabilites fixed by the Chrome 103.0.5060.53 update?

So, what are the most important vulnerabilities to be fixed in this update to Chrome version 103.0.5060.53?

Top of the shop is the critical-rated CVE-2022-2156, a use after free vulnerability discovered by an in-house Google Project Zero researcher.

There are also two high-rated vulnerabilities, CVE-2022-2157 is another use after free one plus CVE-2022-2158, a type confusion issue.

The three medium and three low-risk vulnerabilities are, in order, as follows: CVE-2022-2160 (insufficient policy enforcement in DevTools), CVE-2022-2161 (use after free in WebApp provider), CVE-2022-2162 (insufficient policy enforcement in File System API), CVE-2022-2163 (use after free in Cast UI and toolbar), CVE-2022-2164 (inappropriate implementation in Extensions API) and CVE-2022-2165 (insufficient data validation in URL formatting).


Leave a Reply

Your email address will not be published.