Google has released Chrome 104, the next version of its popular browser containing fixes to a couple of high-severity flaws.
Chrome 104 has just been released for Windows, Mac, and Linux, and it addresses a total of 27 flaws, 15 of which are of medium severity, and seven of which are of high severity. Google says these are not being exploited in the wild right now, but that’s something that can change at any moment. The high severity flaws affect the Omnibox, Safe Browsing, Dawn WebGPU, as well as Nearby Share, and among the medium severity flaws is a side-channel information leakage issue affecting the keyboard input.
Replacing U2F API
The Omnibox issue, a memory-related “use after free” flaw, is tracked as XCVE-2022-2603, with Google reportedly paying a $15,000 bounty to the finders. The Safe Browsing flaw is tracked as CVE-2022-2604, while the Nearby Share is tracked as CVE-2022-2609.
As usual, Google is being tight-lipped on the details, until the majority of endpoints have been patched.
For Chrome 104, Google has also replaced U2F API, the original security key API for Chrome, with Web Authentication (WebAuthn) API.
The latter had been standard for some three years now, but despite it being around for long, some websites will still need to migrate to the new API.
- Get ultimate device protection with the very best antivirus