Google has launched Chrome 104, the subsequent model of its standard browser (opens in new tab) containing fixes to a few high-severity flaws.
Chrome 104 has simply been launched for Home windows, Mac, and Linux, and it addresses a complete of 27 flaws, 15 of that are of medium severity, and 7 of that are of excessive severity. Google says these usually are not being exploited within the wild proper now, however that’s one thing that may change at any second. The excessive severity flaws have an effect on the Omnibox, Protected Shopping, Daybreak WebGPU, in addition to Close by Share, and among the many medium severity flaws is a side-channel info leakage challenge affecting the keyboard enter.
Changing U2F API
The Omnibox challenge, a memory-related “use after free” flaw, is tracked as XCVE-2022-2603, with Google reportedly paying a $15,000 bounty to the finders. The Protected Shopping flaw is tracked as CVE-2022-2604, whereas the Close by Share is tracked as CVE-2022-2609.
As common, Google is being tight-lipped on the small print, till the vast majority of endpoints have been patched.
For Chrome 104, Google has additionally changed U2F API, the unique safety key API for Chrome, with Internet Authentication (WebAuthn) API.
The latter had been customary for some three years now, however regardless of it being round for lengthy, some web sites will nonetheless must migrate to the brand new API.
- Get final system safety with the very best antivirus (opens in new tab)
By way of: ZDNet (opens in new tab)