[German]Google has released security updates for Google Chrome in the 107 branch in the stable and extended channel for Mac, Linux and Windows as well as for Android on October 27, 2022. It does so in an update that closes a vulnerability that is already being exploited.
Advertising
Google Chrome 107.0.5304.87 (Stable Channel)
The relevant entry for Chrome 107.0.5304.87 in the Stable Channel can be found on the Google blog. This update fixes a vulnerability in macOS, Linux and Windows that is rated as high and is already being exploited.
[$TBD][1378239] High CVE-2022-3723: Type Confusion in V8. Reported by Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast on 2022-10-25
The CVE-2022-3723 vulnerability allows privilege escalation via the V8 JavaScript engine, and there is an exploit "in the wild". Google does not provide more detailed information, AVAST is likely to have picked up on this exploit via telemetry.
Chrome will be rolled out to systems via the automatic update feature in the next few days. One can (and in this case should) also update the browser manually (via the menu and the About Google Chrome command). The latest build of the Chrome browser can also be downloaded here.
Google Chrome 106.0.5249.168 (Extended Stable Channel)
The relevant entry for Chrome 06.0.5249.168 in the Extended Stable Channel can be found on the Google blog. Google does not provide any further details on what has been fixed, but plans to roll out the update for macOS and Windows in the coming weeks.
Advertising
Google Chrome 107.0.5304.91 for Android
This entry states that for Android, version 107.0.5304.91 will be released in the Google Play Store in the coming days. The update contains the same security fixes as the corresponding desktop versions (Windows: 107.0.5304.87/.88, Mac: 107.0.5304.87, Linux: 107.0.5304.87).
