Chrome 108 update fixes security issue that is exploited in the wild

Martin Brinkmann
Dec 3, 2022
Google Chrome
|
31

Google released a new version of its Chrome web browser for desktop operating systems and Android on December 2, 2022. The new Chrome 108 update is a security update that addresses a single vulnerability that is exploited in the wild.

chrome 108 security update

The security update comes just a few days after the official release of Chrome 108 to the stable channel, which addressed 28 different security issues in the web browser.

The Chrome 108 update is already in distribution and it should land on most devices automatically in the coming days. Chrome users on desktop systems may speed up the installation of the update by loading chrome://settings/help in the browser's address bar or selecting Menu > Help > About Google Chrome.

ADVERTISEMENT

The current version is displayed on the page that opens. Chrome runs a check for updates and will download any that it finds to the local system.

Chrome should display the following version after the installation of the security update:

  • Chrome for Linux and Mac: 108.0.5359.94
  • Chrome for Windows: 108.0.5359.94 or 108.0.5359.95
  • Chrome Extended Stable for Windows and Mac: 108.0.5359.94
  • Chrome for Android: 108.0.5359.79

The official release notes provide information about the update. Google reveals that the update addresses a single security issue in Chrome that it rates as high. High is second only to critical when it comes to the severity of security issues.

[$NA][1394403] High CVE-2022-4262: Type Confusion in V8. Reported by Clement Lecigne of Google's Threat Analysis Group on 2022-11-29

Google confirms that the security issue is exploited in the wild. In other words: Chrome instances that are not updated to the latest version may be attacked successfully. Naturally, attacks won't happen on all visited websites, but specially prepared websites exist that target vulnerable devices.

The Chrome 108 update comes just a few days after the main upgrade to Chrome 108, which did resolve 28 different security issues in the browser.

Chrome users may want to update the browser at their earlier convenience to protect their devices from attacks. Expect other Chromium-based browsers, including Edge, Brave, Vivaldi and Opera, to release security updates as well in the coming days and weeks to address the issue.

Now You: when do you update your browsers?

Summary
Chrome 108 update fixes security issue that is exploited in the wild
Article Name
Chrome 108 update fixes security issue that is exploited in the wild
Description
Google released a new version of its Chrome web browser for desktop operating systems and Android on December 2, 2022.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. Jojo said on December 3, 2022 at 9:35 am
    Reply

    Chrome 108? I am on Chrome Version 109.0.5414.25 (Official Build) beta (64-bit)

    AND it has broken the experimental

    Tab Scrolling
    Enables tab strip to scroll left and right when full

    The arrows to scroll left/right are gone. Now I have to use Ctrl-Tab and run through every tab to get from one end to another.

    1. Hitomi said on December 3, 2022 at 11:01 am
      Reply

      Another day, another exploit. Truly the flash player of browsers.

      >Now I have to use Ctrl-Tab and run through every tab

      You never used CTRL+1,2,3,4,…?
      Of course with 500 open tabs this gets funny.

      1. roger said on December 3, 2022 at 1:32 pm
        Reply

        let’s face it, this is embarrassing .. chromium is a dumpster fire

      2. Iron Heart said on December 3, 2022 at 3:25 pm
        Reply

        @roger

        …a dumpster fire used by only 80% of global internet users.

        Is this 4% market share cope, or what?

      3. Bobby Phoenix said on December 3, 2022 at 7:54 pm
        Reply

        Just because 80% of the market uses Chrome doesn’t make it good. Geez

      4. Iron Heart said on December 3, 2022 at 8:09 pm
        Reply

        @Bobby Phoenix

        Do so many people use it because it is outright terrible? Tell me your secret knowledge, oh wise one.

      5. Jojo said on December 3, 2022 at 8:11 pm
        Reply

        People used what is promoted heaviest and what is installed on their devices by default.

      6. Aluminum said on December 4, 2022 at 6:21 pm
        Reply

        Iron Heart is right. Internet Explorer is the best browser ever because it had the highest market share ever. Stop asking questions and do what big tech tells you, peasant.

      7. Mothy said on December 3, 2022 at 8:15 pm
        Reply

        Majority of people use it because they are sheep and do not know any better that there are other options available.

      8. Iron Heart said on December 3, 2022 at 8:40 pm
        Reply

        @Jojo, Mothy

        Again, this is…

        COPE
        O
        P
        E

        Internet Explorer was preinstalled as well. The fact is, Chrome is works for most people and they do not look for something else, like they did with IE.

        Firefox is not an unknown browser, it is also not a hidden gem. It had 30% market share like 10 years ago. People know about it, and people do not care.

      9. Jojo said on December 3, 2022 at 8:09 pm
        Reply

        Well, I do have about 60 tabs open and wouldn’t know what there numbers are.

  2. MultiEngine said on December 3, 2022 at 11:26 am
    Reply

    Thats why having multiple web browser with different engine is important since exploits that works on 1 would most likely not work on the other.

    Also hackers will be divided & will have a hard time exploiting multiple browsers rather than just easily focus on 1.

  3. John G. said on December 3, 2022 at 11:26 am
    Reply

    Every new day Chrome seems moreb to be a Microsoft software. Edge is now better than Chrome. Thanks for the article.

    1. Iron Heart said on December 3, 2022 at 11:57 am
      Reply

      @John G.

      Edge IS Chrome, except it sends your juicy data to Microsoft instead of Google. They are both based on Chromium, there is no security-related difference between the two.

      1. John G. said on December 3, 2022 at 4:20 pm
        Reply

        Edge is better for some features, despite both Edge and Chrome have security flaws. I prefer send telemetry to no one, however sending telemetry to Google is such a digital sin.

  4. Hitomi said on December 3, 2022 at 12:01 pm
    Reply

    >Now You: when do you update your browsers?

    They update on their own in the background. I’m not a pedantic control freak who blocks auto updates. If an update goes wrong I have regular profile backups. Same goes for my OS.

  5. Tom Hawack said on December 3, 2022 at 12:27 pm
    Reply

    “Now You: when do you update your browsers?”

    Besides whatever chromium browser? A clean update for every new release provided they concern my environment; for instance I haven’t updated Firefox from 107.0 to 107.1

    Concerning Chromium browsers, it’s not that I don’t update them, it’s that I don’t use them …

    [https://www.googlewatchdog.com/] which includes a link to [http://infolab.stanford.edu/~backrub/google.html] when our future entrepreneurs, then stated clearly :

    “The goals of the advertising business model do not always correspond to providing quality search to users…. We expect that advertising funded search engines will be inherently biased towards the advertisers and away from the needs of the consumers.”

    C’mon!

    1. Tom Hawack said on December 3, 2022 at 12:49 pm
      Reply

      I love to state myself, less when it concerns a correction :

      “for instance I haven’t updated Firefox from 107.0 to 107.1” : that’s 107.0.1 of course.

      Tom (that’s me), this is not the first time you edit one of your comments : mistaking is acceptable, repeating it far less.

  6. Andy Prough said on December 3, 2022 at 3:20 pm
    Reply

    Chrome/chromium are now up to 20 zero-day exploits for the calendar year 2022.
    This one was due to a programming error in Google’s V8 javascript engine. Be safe – disable javascript, or use noscript or uBlock with javascript disabled. Do what you have to do.

    Comparison (courtesy of the Known Exploited Vulnerabilities Catalog from the US Cybersecurity & Infrastructure Agency):
    Firefox – 4 zero-day exploits in 2022
    Safari – only 2 all time
    Pale Moon – 0 all time
    Seamonkey – 0 all time
    Netsurf – 0 all time
    links2 text-based browser – 0 all time

    1. Iron Heart said on December 3, 2022 at 3:23 pm
      Reply

      Nice comparison, except all browsers in there other than Safari are irrelevant, and links2 is a text-based browser haha. How would you know of security issues if no one cares enough to hack them? Pale Moon certainly is architecturally not secure and neither is Firefox.

      1. Anonymous said on December 3, 2022 at 3:33 pm
        Reply

        @Iron Heart
        Keep being delusional lol

      2. Iron Heart said on December 3, 2022 at 8:31 pm
        Reply

        @Anonymous

        Where exactly is my comment „delusional“? It is delusional to assume that a 4% market share browser is attacked as often as Chromium is. The others are even more irrelevant.

      3. Andy Prough said on December 4, 2022 at 4:30 am
        Reply

        >”all browsers in there other than Safari … no one cares enough to hack them”

        Good point. We should all abandon browsers built on Google’s code and use alternatives since almost no one is hacking them.

      4. Iron Heart said on December 4, 2022 at 1:04 pm
        Reply

        @Andy Prough

        If Firefox gets more users, it will become a more attractive target and can no longer hide in obscurity, thereby exposing its lack of security. xD

        Logic is not your strength.

      5. Andy Prough said on December 5, 2022 at 6:06 am
        Reply

        Mozilla also uses a lot of Google’s code. My preference would be for more people to try out the alternative browsers – Pale Moon, Seamonkey, Netsurf, Otter browser. They are all great fun, and all allow for extensive amounts of customization. Some of the webkit browsers are enormous amounts of fun – I’m a huge fan of the Luakit browser, which can be extensively customized by modifying a config file written in lua script. Luakit has ad blocking and noscript functions built right into the browser, Vim key-bindings, it’s just a joy to run.

        If people are insistent on using browsers based on Mozilla code, I would recommend Librewolf and Icecat – they are compiled from the ground up with better security and privacy settings.

      6. Jody Thornton said on December 5, 2022 at 10:54 am
        Reply

        @Andy

        Except they DON’T WORK on commonly used sites. You have to stop fighting with “normies” as they are the market that tech giants want. By the way, most people KNOW about Google’s privacy issues. Guess what? They REALLY DON’t care. At All!

      7. Andy Prough said on December 5, 2022 at 3:26 pm
        Reply

        Actually they DO work on all sites that are compliant with internet standards, which includes most commonly used sites. If you are visiting sites that don’t follow standards and that hack together javascript that only runs on Chrome’s nasty V8, then you are putting yourself directly in the line of fire of the type of exploit that was caused by today’s V8 Google coding error. Cultivate a better and safer online life for yourself.

  7. Leopeva64 said on December 3, 2022 at 7:23 pm
    Reply

    Speaking of Chrome, Google is working on a redesign of the browser for next year and the first glimpses of the refreshed UI can already be seen in the Canary version:

    https://redd.it/zblfvh

    .

  8. Mad Ignorant Heart said on December 3, 2022 at 9:54 pm
    Reply

    @Hitomi

    > . Truly the flash player of browsers.

    google-chrome-is-the-most-vulnerability-ridden-browser-in-2022
    The numbers are based on the data provided by the VulDB vulnerability database.
    https://atlasvpn.com/blog/google-chrome-is-the-most-vulnerability-ridden-browser-in-2022

    No doubt there will be excuses from the google fans.

    @ Bobby Phoenix

    > Just because 80% of the market uses Chrome doesn’t make it good. Geez

    Iron Heart does not understand this, he is too busy here making excuses for googles abysmal track record on chrome/chromium codebase security, he likely has been thoroughly and truly fooled by google marketing their record breaking vulnerability-ridden-browser of 2022 (Chrome) as some great engineering achievement or something.

    He probably watched some Chrome advertisement on the TV and got mesmerized by all the colors from the chrome logo and everyone telling him how great google chrome is, like clueless-aidan, the author of Iron Hearts most favorite blog of all time which contains copious amounts of BS!. No surprize why Iron H owns a google pixel phone and is here making excuses for googles abysmal track record as regards browser security time and time again. Iron Heart is a google fan true and true, truly dedicated it would seem. He is filled with vast amounts of knowledge he read from clueless aidan. Lol.

    Iron Heart seems like a guy that always has to have the latest NIKE shoes or something to feel fashionable, anything else is probably just irrelevant. Lack of popularity = Irrelevant as far as Iron Heart is concerned. Lol. Imagine if Iron Heart felt the same about music? How dare we may choose to listen to a song less popular, how dare we listen to something irrelevant in his opinion ?

    Firefox is called irrelevant by him because it does not have as high a market share as chrome.

    But what he fails to comprehend is how Firefox still has a decent market share and is still a popular browser.

    @Andy Prough

    > This one was due to a programming error in Google’s V8 javascript engine. Be safe – disable javascript,

    Firefox is just a safer browser to use, better programming = greater security and customizability.

    Chrome is a security nightmare.

    Heliconia Noise is a framework that deploys a Windows exploit for a Chrome renderer bug, which is then followed by a Chrome sandbox escape and agent installation. The Chrome versions 90.0.4430.72 to 91.0.4472.106 (ranging from April to June 2021) were exposed to this exploit until August 2021.
    https://www.makeuseof.com/google-discovers-exploit-framework-used-to-spread-spyware/

    Gullible people like Iron Heart would have people believe that Chrome/Chromium-based browsers have great sandbox exploit mitigations. Lol.

    Chromes sandbox makes no real difference, chrome still gets the most security issues and it is still not written in safer programming language like RUST in the way that Firefox is. Firefox is a pioneer in browser security and customizability.

    @Iron Heart

    > Pale Moon certainly is architecturally not secure and neither is Firefox.

    A big brain moment for Iron Heart. He got his thinking hat on and it fell off, lol.

    He thinks Firefox is architecturally not secure, but Chrome which is based on Chromium is the one getting constantly exploited the most as regards browsers, wouldn’t that make Chrome not as architecturally secure as Iron Heart likes to think it is? in the REAL WORLD, yes the REAL WORLD Iron Heart, it is Chrome and the Chromium codebase which does not have a good track record of being architecturally secure, especially when compared to the far lower number of security issues Firefox gets.

    An education for you Iron H, No software is really regarded as being 100% SECURE. Any security professional worth their salt will tell you that the potential for human error exists.

    As it stands though, if ones wants a safer browser to use, the more practical choice would likely be Firefox, because Firefox is a safer browser to use given its recent track record regarding the very few security issues that it gets, when compared side by side to the vulnerability ridden chromium browsers that are getting constantly very serious security problems.

    Iron H is only here like a fan making excuses for googles abysmal track record as regards poor security standards in chrome/chromium codebase.

    You love Google software and products Iron Heart. Why not just Admit it?

    You have to bring a more convincing argument backed up by statistics though, if you want people to believe that Chrome is more secure than Firefox, because posting a random opinion from a random blog means nothing when there are no statistics, now run along and keep making up excuses for inferior poorly managed browsers like Chrome.

    1. Anonymous said on December 4, 2022 at 10:49 am
      Reply

      @Mad Ignorant Heart

      >You love Google software and products Iron Heart. Why not just Admit it?

      I used to think he was a hardcore big tech Google fan, but reading his purposefully ridiculous statements made me realize he is gaslighting the gullible. He is clearly a Firefox shill, attempting to undermine Brave and Google in an attempt to make Brave users look uniformed and crazy.

  9. Anonymous said on December 5, 2022 at 8:41 am
    Reply

    On Ubuntu Firefox runs in its own sandbox isolated from the rest of the system. Checkmate

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.