Google released a new update to its Chrome browser for Windows with a fix for a severe zero-day vulnerability, the fourth such patch for Chrome this year.
The flaw impacts Chrome’s WebRTC (Web Real-Time Communications) component and was first reported by Jan Vojtesek from the Avast Threat Intelligence team on July 1st. Zero-day refers to vulnerabilities that are disclosed but not yet patched, while WebRTC is an open-source project and powers browser-based video call tools.
On July 4th, Google published a security advisory (via Bleeping Computer) noting that it was aware of exploits for the vulnerability that exist in the wild. Chrome version 103.0.5060.114 is rolling out globally to the stable desktop channel — Chrome users should make sure to update right away. Google says it’ll take a matter of days or weeks to hit its entire userbase.
To update, click Chrome’s menu button > Help > About Google Chrome. The browser should alert users if there’s an update available and provide an option to install and restart the browser. Make sure to check the version number to make sure you’re updating to the version of Chrome with the patch (version 103.0.5060.114).
It’s worth noting that Chrome auto-checks for new updates and installs them automatically on the next launch.
Bleeping Computer notes that Google didn’t share technical details about the vulnerability, despite it being a zero-day. Google’s security advisory notes that the company may restrict access to bug details “until a majority of users are updated with a fix.” Likely, Google will release the technical details once users have had time to install the update.