Google Chrome 108 security update fixes 8 security issues
Google released another point release update for Google Chrome 108 Stable that addresses 8 security issues in the web browser. This is the second security update for Chrome 108, which itself fixed 28 security issues in the browser as well.
The first Chrome 108 point release update fixed a security issue that was exploited in the wild at the time. The new Chrome update, released today, fixes issues that do not appear to be exploited yet, as Google makes no mention of that on the Chrome Releases website.
Chrome 108: second security update
The security update is already available for all supported desktop operating systems and for Android. As usual, it is possible to download the update immediately on desktop systems by opening chrome://settings/help in the browser's address bar.
Chrome displays the installed version on the page and runs a check for updates. Any update found is downloaded and installed automatically. A restart is required to complete the update.
The following versions of Chrome should be displayed after installation of the update:
- Chrome for Mac and Linux: 108.0.5359.124
- Chrome for Windows: 108.0.5359.124 or 108.0.5359.125
- Chrome Extended for Mac:108.0.5359.124
- Chrome Extended for Windows: 108.0.5359.125
- Chrome for Android: 108.0.5359.128
Just compare the version shown on the Help Settings page with the listed version above.
Google reveals information about five of the eight security issues on the blog. The company does not disclose security issues that it discovered internally. There is no critical security issue, but four are rated high and one is rated medium.
[$7000] High CVE-2022-4436: Use after free in Blink Media. Reported by Anonymous on 2022-11-15
[$6000] High CVE-2022-4437: Use after free in Mojo IPC. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-11-30
[$1500] High CVE-2022-4438: Use after free in Blink Frames. Reported by Anonymous on 2022-11-07
[$TBD] High CVE-2022-4439: Use after free in Aura. Reported by Anonymous on 2022-11-22
[$3000] Medium CVE-2022-4440: Use after free in Profiles. Reported by Anonymous on 2022-11-09
Desktop versions of Chrome and the Android version are affected by the security issues. Administrators may want to update Chrome to the new version as soon as possible to protect devices against potential attacks targeting the security issues. The next major Chrome release is scheduled for January 10, 2023.
Expect other Chromium-based browsers to release updates as well to fix the issues in their browsers.Advertisement