Site icon Enrich of Tech Updates Across the World

There’s another huge Google Chrome security update that you should install right away

If your Google Chrome version has not yet been updated automatically, now would be a good time to start updating manually (opens in new tab)the company said.

Google has released Chrome 104, the next version of its popular browser (opens in new tab) which contains fixes to some high severity defects.

Chrome 104 has just been released for Windows, Mac and Linux and it addresses a total of 27 flaws, 15 of which are of moderate severity and seven of which are of high severity. Google says these are not being exploited in the wild right now, but that’s something that could change at any time. High-severity flaws affect Omnibox, Safe Browsing, Dawn WebGPU, as well as Nearby Share, and among the medium-severity flaws is a side-channel information leak issue affecting keyboard input.

U2F API replacement

The Omnibox issue, a memory-related “use-after-free” flaw, is tracked as XCVE-2022-2603, with Google reportedly paying $15,000 to users. The Safe Browsing flaw is tracked as CVE-2022-2604, while the Nearby audience is tracked as CVE-2022-2609.

As usual, Google is commenting on the details until most endpoints are patched.

For Chrome 104, Google has also replaced the U2F API, the original Security Key API for Chrome, with the Web Authentication API (WebAuthn).

The latter has been standard for about three years now, but despite being around for a long time, some sites will still need to migrate to the new API.

“U2F never became an open web standard and was included in the Web Authentication API (released in Chrome 67). Chrome never directly supported the FIDO U2F JavaScript API, but shipped a component extension called cryptotoken… U2F and “Cryptotoken is a solid maintenance feature and has encouraged websites to migrate to the web authentication API for the past two years,” Google said.

  • Get the ultimate device protection with the best antivirus (opens in new tab)

Via: ZDNet (opens in new tab)

Source link

Exit mobile version