Google Chrome 103 update fixes 11 security issues
Google has released a security update for its Chrome desktop and Android browsers. The update brings the stable channel version of Chrome to 103.0.5060.134 on the desktop, and to 103.0.5060.129 on Android.
The security update is already available. Most Chrome browsers will receive the update automatically, thanks to the built-in automatic updating functionality. Chrome users may speed up the installation of the security update on desktop versions of Chrome by loading chrome://settings/help in the browser's address bar.
The current version is displayed on the page and Chrome runs a check for updates to find out if a new version is available. If not installed already, Chrome will download and install the security update. A restart is required to complete the upgrade. The Android version of Chrome does not support such an option, as updates are distributed exclusively via Google Play.
Google Chrome 103 security fixes
Google published an article on the Chrome Releases Blog to inform Chrome users and administrators about the update. The blog post confirms that 11 different security issues are patched in the new Chrome release. Six of these, all reported by third-party researchers, are mentioned specifically on the blog. Google does not list security issues that it found internally on the blog.
The maximum severity rating of all 11 security issues is high, the second highest after critical. Here is the full list as reported by Google:
- [$16000] High CVE-2022-2477 : Use after free in Guest View. Reported by anonymous on 2022-06-14
- [$7500] High CVE-2022-2478 : Use after free in PDF. Reported by triplepwns on 2022-06-13
- [$3000] High CVE-2022-2479 : Insufficient validation of untrusted input in File. Reported by anonymous on 2022-05-28
- [$NA] High CVE-2022-2480 : Use after free in Service Worker API. Reported by Sergei Glazunov of Google Project Zero on 2022-06-27
- [$TBD] High CVE-2022-2481: Use after free in Views. Reported by YoungJoo Lee(@ashuu_lee) of CompSecLab at Seoul National University on 2022-07-04
- [$7000] Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21
Google makes no mention of attacks in the wild. It is still recommended to update Chrome to the latest version as soon as possible.
Google released the first Chrome 103 release earlier this month; this update included a fix for a 0-day vulnerability that was exploited in the wild.
Now You: do you use Google Chrome?
Speaking of Chrome, the new download bubble (which will soon replace the current download shelf) now supports ‘Quick actions on hover’:
And in Chrome Canary you can already test a *preview version of the new ‘Notes’ feature:
He can’t wait, he’d be disappointed otherwise, wouldn’t he? :=)
Come on guys, let’s make the chap happy, LOL
Regarding Chrome, never used it never will. Doesn’t mean other browsers are perfect, only that alternatives are imperative.
I just resent the fact that a simple logical deduction seemingly isn’t possible here. Well, either that, or outright propaganda in favor of your preferred project. In both cases people are actively being misled.
Who talks about Chrome… Tom, you have been around here for ages and you know that Chrome isn’t the only Chromium-based browser, it’s just the biggest one in terms of market share. Being a bit disingenuous here, eh? Isn’t that beneath you?
> alternatives are imperative
No, not at all. That is, if the alternative has the very same vision for the web as the thing it is supposedly an alternative to, meaning it is useless. Btw, a Chromium monopoly would be akin to a Linux monopoly… Many distros (browsers) all using the Linux kernel (Chromium base). Firefox is like FreeBSD in that scenario, so in a supposed Linux monopoly, you would be among the crowd demanding more use of FreeBSD. I am firmly within the “Let the market decide, as long as the dominant force ain’t closed source it will be OK” crowd.
> Who talks about Chrome …
The article does and it is to Google’s Chrome I was referring to. The article is not about Chromium based browsers.
Semantics regarding ‘alternative’. Alternatives to Google’s Chrome, that very one, again, mentioned in the article.
Regarding the fact a “same vision’ wouldn’t satisfy an alternative criteria, I don’t quite agree. You mention yourself Chromium based browsers and I understand you differentiate them from Google’s Chrome and I’ll presume you consider them as alternatives consequently. To make it concise and precise : anything but Google’s Chrome browser, is my opinion and one shared by many privacy-conscious users. From there on, some will worship ‘Brave’, others consider ‘Firefox’, or any of the plethora of available browsers on the market, chromium based included … but not Google :=)
> The article does and it is to Google’s Chrome I was referring to. The article is not about Chromium based browsers.
The article’s info is about security bugs affecting all Chromium-based browsers, not just Chrome. Chrome should hardly have any security issues of its own considering that it’s Chromium + some proprietary binary blobs + different branding essentially.
The wording of this article is false to begin with and should state “Chromium” instead of “Chrome”.
> I don’t quite agree
Reasons for your disagreement? Mozilla supports the following openly:
– Centralization instead of decentralization.
– Censorship (requiring the aforementioned centralization to work).
– Search engine monopoly.
– Content creators having no alternative to ad networks siphoning off user data.
Seems like the exact things Google also wants. Google funds Mozilla and they work together in various work groups including extension API standardization (extensions should empower the users, API revisions recently take that away). Google and Mozilla are also both members of the WEF, just so you know. I’ll play along with your “Mozilla Corp., only alternative to Google” nonsense for now even though it’s clear that they are pseudo-opposition at best.
So you’re claiming that Mozilla is “the loyal opposition” for Google / Alphabet?
I figured that out years ago.
The article is about Chrome. Yes, some of the vulnerabilities affect other Chromium-based browsers, but this is not the scope of the article.
False, the article is about Chromium because you are describing Chromium security bugs, not Chrome-specific security bugs (of which there are hardly any). You don’t even get that right, and seemingly need comments to correct you.
It’s also 100% clear from how Tom’s comment is written that it is meant as a reply to a comment I have written, but which has since disappeared. Kind mod, would you please tell me which rule of your rule set I have violated this time to warrant the removal? Or is the removal the completely unjustified, arbitrary joke I believe it to be? You limited Tom’s freedom of speech too and not just mine btw, you removed his comment as well… Just saying.
> You limited Tom’s freedom of speech too and not just mine btw, you removed his comment as well… Just saying.
Kind of you but I’m not complaining and cannot have the feeling of having been censored when what has been removed concerns a rude wording about a forum and its comments in perspective. My answer was nested and therefor removed. By the way my comment was empty in terms of pertinence regarding the article. No problem here. I guess my comment was useless anyway. I’ve never been censored here and censorship is *really* not the trademark of the place. As long as we stay correct and I dare say Martin is educated ands open-minded so when a comment is removed it is legitimately.
Closed as far as I’m cocerned. Let us carry on.
> censorship is *really* not the trademark of the place.
> rude wording
Realistic is not the same as rude.
> I guess my comment was useless anyway.
> I’ve never been censored here
The sentence before that may explain why you have never been censored. Too bland for even Martin to touch.
Do you have your own blog?
It would help if he had, then the site would be less busy with agitprop.
I’m just curious to know why someone who claims to hate everyone in here (his own words, not mine) spends so much time iny where he dislikes the people, the publications, the authors… Lots of pain to go through for very little gain.
If he started his own blog at least his time would be much more productive, and would have the freedom to write about whatever he wants and moderate however he sees fit.
He loves the attention and being an edgy contrarian. Some people live of that like water and air.
>of which there are hardly any
> claims to hate everyone in here
Natural reaction to the hateful bunch that you are, why complain? Should I like you and other people who dislike me? Logic?
LOL. I guess when you say something it has to be legit info that everyone needs to respect but if I say something it has to be agitprop, just because you are not of the same opinion. Ridiculous.
> edgy contrarian
I just have a different opinion on a lot of things and you are woefully unable to deal with it. Do you know what a bunch of people all having the same opinion is called? “Echo chamber”, you should look that one up before you come up with stuff like “edge contrarian” and similar BS.
Right back at you. What did you expect when you go full pedantic-mode unsolicited over and over like a 5 year old? Social skills?
He keeps trying, but equally how he listens to no one of us, his self-realization that many people don’t care about his antics is lost on him :^)
> the hateful bunch that you
> but if I say something
> I just have a different opinion
playing the victim, again
opinions are like assholes – everyone’s got one. you are entitled to your opinion, that doesn’t mean we have to agree with it, or respect it, or that martin has to allow it being constantly spammed in his house
go start your own blog and rant there – I’m sure you will get at least two visitors
Let’s not forget that “The overt expression of hate propagates more hate” – @SecMayorkas at the 2022 #AspenSecurity Forum.
All this ends up to words. There’s worse in life than exasperation by repeated comments, be they those of hatred, be they rude, even injurious. And there are always reasons for one’s behavior, illness for instance which often may render bitter. And we never know the face, the lives of one another here on the Web. Trying to keep a smile in adversity remains the best way to stop the fire or at least to slower its propagation.
‘Can’t wait for the bullshit comments insinuating that a certain “alternative” is supposedly more secure when it actually isn’t.’
But Firefox is secure. No need for comment war.
How are you, Mozilla?
Better than you.
moderation is not censorship. no-one is stopping anyone from speaking their mind in a public square. This square however, is martin’s house. stop shitting in it, and he won’t have to shovel it out the door
ps: typical to see who the offender is, yet again
Moderation is not censorship, indeed. Yet the results may be similar.
Quoting from [https://www.techdirt.com/2020/05/28/moderation-v-discretion-v-censorship-theyre-not-same/]
– Moderation is a platform operator saying “we don’t do that here”.
– Discretion is you saying “I won’t do that there”. Some people might think of discretion as self-censorship. But that phrasing focuses on the negative idea of chilled speech. I prefer to think of discretion as an act of personal restraint.
– Censorship is someone saying “you can’t do that anywhere” before or after threats of either violence or government intervention.
– Moderation As “Censorship” : some people refer to moderation decisions that affect them as “censorship” because they feel they’ve been censored. Maybe they think a platform punished them for holding certain political views. Maybe they think a platform punished them for bigoted reasons. Whatever the reason, those people feel that losing their spot on the platform is censorship. But they’re not angry about losing their right to speak. (Twitter, Facebook, etc. can’t take that away from them, anyway.)
Quoting from [https://www.quora.com/Where-does-the-distinction-lie-between-moderation-and-censorship-on-an-online-forum]
The truth is that moderation and censorship have almost nothing in common, except for the physical act of editing.
– Moderation edits out noise: emotional statements, personal attacks, random nonsense, and other commentary that is unnecessary, irrelevant, distracting, and otherwise destructive to the conversation.
– Censorship edits out content: statements that are intended to make a point or advance the intellectual aspects of the conversation
Both edit out comments. How to consider a situation where the moderator considers a comment as ‘noise’ whilst the commenter considers it as a ‘statement intended to make a point or advance the intellectual aspects of the conversation’?
And when a comment is totally removed is that relevant of noise edition or of censorship? As I’ve always understood it censorship defines in practice any removed content without the author’s consent, yet in legal terms censorship would require inclusion of ‘threats of either violence or government intervention.’ and implicitly consider the very right to express a given idea when moderation would be ‘it’s your right but not here”…
I’ll admit that moderation in its extended perception may go from a warning to the removal of a content, given removing is editing and that removing does not anticipate on a user’s rights to express himself… elsewhere.
How would you classify the good old “My house, my rules”? Moderation, Censorship, … ?
@thebrowser, my classification doesn’t count, the essential point is that we agree on definitions.
To answer nevertheless your question : before what I’ve posted above I would have answered censorship when a post is removed, now I’d call it moderation given indeed that rules applicable in one’s “house” have in no way the authority to be applicable elsewhere and therefor may not be labeled as censorship.
Thank you for answering, I think I’d agree with that definition.
I am using CHROME Version 103.0.5060.134 (Official Build) (64-bit). I had set my opening page with links to Gmail and Google apps as also my theme. The search engine selected by me was GOOGLE.
However since past 3 days when ever I open Chrome a new tab opens without any links to gmail or apps as also without my personal theme. Upon checking the search engine under settings it shows as CHROME SEARCH.
I delete CHROME SEARCH and make Google search as default. However each time I open Chrome it goes back to CHROME search!
Efforts to delete it is in vain. What do I do to have the Googlr search as my default opening page.