Google Chrome 107 Stable out with 10 security fixes
Google released a new stable version of the company's Chrome web browser yesterday. The Chrome 107 update patches 10 different security issues in the web browser.
Chrome desktop installations should receive the update automatically over the coming days and weeks. Administrators may speed up the upgrade by updating the browser manually.
To do that, it is necessary to open chrome://settings/help in the browser's address bar (you may also reach the internal page via Menu > Help > About Google Chrome). Chrome displays the current version and runs a check for updates. The browser should pick up the update at this point and install it automatically.
Chrome is up to date if the following version is listed on the page (it depend on the operating system)
- Mac: 107.0.5304.110
- Linux: 107.0.5304.110
- Windows: 107.0.5304.106/.107
The new Chrome release fixes 10 different security issues in the browser. Google discloses externally reported vulnerabilities only to the public. For this particular update, six of the ten vulnerabilities are listed by Google. These are:
- [$21000][1377816] High CVE-2022-3885: Use after free in V8. Reported by gzobqq@ on 2022-10-24
- [$10000][1372999] High CVE-2022-3886: Use after free in Speech Recognition. Reported by anonymous on 2022-10-10
- [$7000][1372695] High CVE-2022-3887: Use after free in Web Workers. Reported by anonymous on 2022-10-08
- [$7000][1375059] High CVE-2022-3888: Use after free in WebCodecs. Reported by Peter Nemeth on 2022-10-16
- [$TBD][1380063] High CVE-2022-3889: Type Confusion in V8. Reported by anonymous on 2022-11-01
- [$TBD][1380083] High CVE-2022-3890: Heap buffer overflow in Crashpad. Reported by anonymous on 2022-11-01
All six security vulnerabilities have a severity rating of high, second only to vulnerabilities rated as critical. Google does not mention that any of the vulnerabilities are exploited in the wild at the time of releasing the update. Still, most administrators may want to update the browser as soon as possible to protect it from potential attacks.
Google released an update for the Android version of Chrome as well. The Android release includes the same security fixes as the desktop update according to Google. There has been no mention of an update for Chrome's Extended Stable channel.
Expect other Chromium-based browser developers to release updates for their browsers as well in the coming days.
Now You: do you run Google Chrome or another Chromium-based browser?
They must pay to discover the bugs because they won’t find the shoes in their own feet. Thanks for the article.
Now You: do you run Google Chrome or another Chromium-based browser?
Only ungoogled chromium (portable) as a secondary browser. They have already reviewed and approved the new version, so a new build should be forthcoming within the next 48 hours.