If your Google Chrome build has yet to update automatically, now would be a good time to initiate manual update (opens in new tab), the company has said.
Google has released Chrome 104, the next version of its popular browser (opens in new tab) containing fixes to a couple of high-severity flaws.
Chrome 104 has just been released for Windows, Mac, and Linux, and it addresses a total of 27 flaws, 15 of which are of medium severity, and seven of which are of high severity. Google says these are not being exploited in the wild right now, but that’s something that can change at any moment. The high severity flaws affect the Omnibox, Safe Browsing, Dawn WebGPU, as well as Nearby Share, and among the medium severity flaws is a side-channel information leakage issue affecting the keyboard input.
Replacing U2F API
The Omnibox issue, a memory-related “use after free” flaw, is tracked as XCVE-2022-2603, with Google reportedly paying a $15,000 bounty to the finders. The Safe Browsing flaw is tracked as CVE-2022-2604, while the Nearby Share is tracked as CVE-2022-2609.
As usual, Google is being tight-lipped on the details, until the majority of endpoints have been patched.
For Chrome 104, Google has also replaced U2F API, the original security key API for Chrome, with Web Authentication (WebAuthn) API.
The latter had been standard for some three years now, but despite it being around for long, some websites will still need to migrate to the new API.
“U2F never became an open web standard and was subsumed by the Web Authentication API (launched in Chrome 67). Chrome never directly supported the FIDO U2F JavaScript API, but rather shipped a component extension called cryptotoken… U2F and Cryptotoken are firmly in maintenance mode and have encouraged sites to migrate to the Web Authentication API for the last two years,” Google said.
- Get ultimate device protection with the very best antivirus (opens in new tab)
Via: ZDNet (opens in new tab)