Google Chrome is under attack on Windows and Android. The latest security hole in WebRTC has an exploit that’s circulating in the wild, so you don’t want to browse without installing the patch. Here’s what you need to know.
The zero-day security hole involves a buffer overflow in WebRTC, a real-time communication standard supported in all major browsers. It’s used for building audio and video communication applications on websites.
Google hasn’t provided details on the bug and won’t do so until a majority of Google Chrome users have installed the security patch. It’s classified as “high” severity. It’s very possible it could allow a malicious website to take control over your PC.
The good news is a fix is already here in the form of Google Chrome version 103.0.5060.114 for Windows and (Chrome 103.0.5060.71 on Android.) Google Chrome will automatically install updates, but the browser may take up to 24 hours to install them, and Chrome won’t automatically restart after installing an update—it will prompt you to restart your browser.
In a time when an exploit is circulating online, you don’t want to browse without updating. We recommend installing the update immediately and restarting Chrome without waiting for the automatic process.
To do so on Windows, click the menu button at the top-right corner of the Chrome browser window and select Help > About Google Chrome. (On Android, you’ll need to update Chrome from the Play Store.)
Google Chrome will automatically find and install the update (if it hasn’t already been installed) and you’ll see a progress indicator. When Chrome is done installing the update, click the “Relaunch” button.
That’s it—your Chrome browser is now up-to-date. If you want to be sure it’s secure, check that the version number is at least 103.0.5060.114 after relaunching Chrome. (If Chrome doesn’t offer you the update and you’re on a lower version number, check back later—it may take some time to roll out. That’s up to Google.)