If your version of Google Chrome hasn’t been updated automatically, now is a good time to initiate a manual update (opens in new tab)the company said.
Google releases Chrome 104, the next version of its popular browser (opens in new tab) Contains fixes for several high-severity bugs.
Chrome 104, just released for Windows, Mac, and Linux, addresses a total of 27 vulnerabilities, 15 of which are medium severity and 7 of which are high. These are not being exploited in the wild right now, but that could change at any time, Google said. High-severity vulnerabilities affect Omnibox, Safe Browsing, Dawn WebGPU, and Nearby Sharing, and medium-severity vulnerabilities include a side-channel information leak that affects keyboard input.
Replace U2F API
The Omnibox issue is a memory-related “use-after-free” bug tracked as XCVE-2022-2603, for which Google reportedly paid a $15,000 bounty to the finder. The Safe Browsing vulnerability is tracked as CVE-2022-2604, while Nearby Sharing is tracked as CVE-2022-2609.
As usual, Google is tight-lipped about details until most endpoints are patched.
For Chrome 104, Google also replaced the U2F API, Chrome’s raw security keys API, with the Web Authentication (WebAuthn) API.
The latter has been the standard for about three years now, but even though it’s been around for a long time, some sites still need to migrate to the new API.
“U2F has never been an open web standard and is covered by the Web Authentication API (introduced in Chrome 67). Chrome never directly supported the FIDO U2F JavaScript API, instead releasing a component extension called cryptotoken… … U2F and Cryptotoken are firmly in maintenance mode and have encouraged sites to migrate to the Web Authentication API over the past two years,” Google said.
- Get ultimate device protection with the best antivirus software (opens in new tab)
pass: ZDNet (opens in new tab)
