Google Chrome 107 update fixes security vulnerability that is exploited in the wild

Martin Brinkmann
Oct 28, 2022
Google Chrome
|
15

Google released a second security update this week for its Chrome web browser; it patches a security vulnerability that is exploited. Google released Chrome Stable 107 earlier this week and addressed 14 different security issues in the update.

The security update is available for desktop versions of Chrome and for Android. The Chrome Stable Extended channel was updated as well, but Google makes no mention of the security fix in the release notes.

google chrome 107 security update

The security update is available already. Most Chrome web browsers will receive the update automatically, thanks to the integrated automatic updating functionality of the web browser.

These updates do not happen in real-time. Chrome users may run manual checks to install the security update and protect their devices against potential exploits. Load chrome://settings/help in the browser's address bar or select Menu > Help > About Google Chrome, to start the update check. Chrome downloads and installs any update that it finds during the check automatically. A restart of the browser is required to complete the process.

Chrome should display the version 107.0.5304.87 on Mac and Linux devices, and 07.0.5304.87/88 on Windows devices after the update installation.

The official release notes provide little information. The update has a severity rating of high and it is listed as a type confusion vulnerability in V8. It has been reported to Google by Avast employees.

Google notes that it is aware of reports that the security issue is exploited in the wild. The company does not provide additional details on the exploit or how widespread these attacks are. Chrome users and administrators may want to update the browser to the new version as soon as possible to protect it from potential attacks.

Now You: when was the last time you updated your browser?

Summary
Google Chrome 107 update fixes security vulnerability that is exploited in the wild
Article Name
Google Chrome 107 update fixes security vulnerability that is exploited in the wild
Description
Google released a second security update this week for its Chrome web browser; it patches a security vulnerability that is exploited.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. Leopeva64 said on October 29, 2022 at 3:39 pm
    Reply

    It looks like the JPEG XL format will be deprecated in Chrome 110:

    https://twitter.com/Leopeva64/status/1586187642273935360

    .

  2. Andy Prough said on October 28, 2022 at 6:34 pm
    Reply

    Using anything with any Google code is just an invitation to catastrophe at this point. Time to get off the web altogether and move over to Gemini space — Lagrange is a fantastic desktop browser, Amfora for the terminal, and Buran and Deedum for mobile.

  3. ECJ said on October 28, 2022 at 1:14 pm
    Reply

    “…Google notes that it is aware of reports that the security issue is exploited in the wild.”

    Another week, another Chrome zero day. Perhaps those “Holier Than Thou” Google Project Zero employees should spend more time analysing their own products, instead of just being an extension of the Google marketing department to attack their competitors.

    1. disappointed said on October 28, 2022 at 3:49 pm
      Reply

      This is not an issue for Chrome, but for its clones Brave has not released a new version since the 25th. Opera and Vivaldi are still on Chromium 106.

      Now that Chrome finally has a sidebar, using anything else is a gamble.

      1. ryuk said on October 31, 2022 at 2:27 pm
        Reply

        It’s not easy to maintain all the patching and keep up-to-date with Google’s release schedule.

        https://github.com/brave/brave-browser/issues/6378#issuecomment-725773778

      2. Iron Heart said on October 28, 2022 at 6:27 pm
        Reply

        @disappointed

        Not sure if I would call it a gamble, as Brave usually updates ca. 1 day after Chrome, which seems acceptable to me.

        Of course Google will be fastest, they are the main contributor of Chromium and can release Chrome pretty much immediately when Chromium is patched.

    2. Iron Heart said on October 28, 2022 at 2:24 pm
      Reply

      @ECJ

      Another week, another FF user comment where the commenter does not understand that Chromium is actually being used. If you search a codebase with the complexity of an operating system long enough, you will find zero days. Chromium is used by the overwhelming majority of netizens and is an attractive target.

      When Project Zero finds and reports an issue, it actually IS an issue. They are not known for false positives. They also report it in private at first and when nothing is done, only then do they publish issues. Also, many Chromium security issues were actually reported in-house, suggesting that they do search their own products too.

      1. Jody Thornton said on October 28, 2022 at 4:08 pm
        Reply

        I know .. it’s almost getting fatiguing hearing the Gecko fanboys criticize all things Blink. Hey I loathe Chrome and most things Google too, but only people on forums and blogs like this care one iota about privacy. Security from virii, trojans and hackers sure, but privacy, not so much.

        Most in the wild use their phones as their primary online device, and they want a desktop browser that syncs with all of that. Moreover, many are truly aware that apps and companies like Twiitter, Meta and Google collect their data – and guess what? They are FINE with it. The advantags that mobile devices give them are just too sexy and convenient to do without. Think of all of the influencers that love YouTube having ads on their videos. It actually gives them a side hustle, or in some cases a career. I’ve noticed that I probably follow two dozen YouTubers now. Sure I block the ads in uBlock Origin, but I get why ads are part of that landscape now.

        Even I now realize that all I really care about is UI customization. Disabling JavaScript or refusing to use sites built with WebComponents, or using third party YouTube sites is for nigh, because sites will not function properly then. Advertisers ALWAYS sought information about their potential customer base. Now they have a much easier electronic method doing it.

        So when I come here now, it seems as if everyone is “old” somehow. And keep in mind, I play LPs, have CRT television, still use Windows 8, and have a pop out antique toaster as my daily driver. Throw in a 1999 Toyata Camry, and at 52, I’m indeed old for my age. But I’m not blind to the world around me. Mobile and apps ARE IT NOW. The desktop just gets to hang out with the rest of it, but it’s not it’s own world any more.

      2. Privately said on October 29, 2022 at 3:38 am
        Reply

        And you are also spot on about many people being more than aware of the privacy-convenience tradeoff and making their own decisions – all knowledge doesn’t just exist on internet forums

      3. Privately said on October 29, 2022 at 3:34 am
        Reply

        @Jody Thornton

        We’ll said as usual. As someone of about the same vintage I too remember the days when advertisers used mailing lists (as in postal, not email) to keep track of what they thought we wanted, and all the other various methods they had. It is actually easier these days to block this stuff – I use basic Brave with a couple of @Iron Heart’s tweaks and I virtually never see an ad, which suits me fine and yet I can see all the web I want to see. I don’t want it broken – there’s no point for me if it is.

        But like you I realise people need them to make a living (funnily enough I work in an ad-funded industry too) and good luck to them.

        Maintaining true privacy is about a lot more than a computer, which is among the least of the problems – sadly not many people realise this, but after many years life experience they might.

        Love my LPs, pop-up toaster and wind-up wristwatch too…

      4. Iron Heart said on October 28, 2022 at 6:24 pm
        Reply

        @Anonymous

        Yes, the less used and less audited code has nominally fewer issues found, color me surprised. See above.

      5. user said on October 29, 2022 at 9:47 pm
        Reply

        @Iron Heart: Why do you ignore the fact that Chrome has a lot of redundant features, thus more likely to expose to security exploits.

      6. Anonymous said on October 29, 2022 at 9:38 am
        Reply

        @Iron Heart
        Nice cope.
        “It’s bugs we found in our own testing. We test every browser equally.”

      7. disappointed said on October 28, 2022 at 3:52 pm
        Reply

        Yep. I would feel safer on Chrome than on FF. Firefox doesn’t even have basic security features: https://old.reddit.com/r/netsec/comments/i80uki/theymozilla_killed_entire_threat_management_team/g15nchm/

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.