If you use the Google Chrome browser on your Android handset you need to update it immediately with the version available in the Google Play Store
. According to MUO
, that’s because an exploit that is labeled as “high” severity could allow a malicious app to take control of your phone. Google says that it will remain mum about the issue until a majority of Chrome users have installed the patch.
Updating Chrome on your Android phone to version 103.0.5060.71 will patch the exploit. To see which version of Chrome your currently running, go to Settings > Apps > See all xxx apps > Chrome. Scroll to the bottom and you should see the version of Chrome running on your Android phone.
If the version of the browser you are using is lower than the aforementioned 103.0.5060.71, you’ll want to update to the patched version as soon as possible (ASAP as today’s young whipper snappers might say). But there is a caveat and it’s a big one; Chrome cannot be uninstalled from Android.
The version of Chrome on this writer’s Pixel 6 Pro is vulnerable to the exploit
So your best bet is to keep checking to see when the next version of Chrome is available from the Google Play Store. And this is how it is done:
1. Go to the Google Play Store and tap on the profile icon on the upper right of the display.
2. Tap on Manage apps & device.
3. Under Updates available, tap on See details.
4. Look for an update for Chrome. If there is one, tap on the word Update. If there is no update, close the screen and try again later.
5. If you do get to install an update, follow the directions at the top of the article to check the version number you’ve installed on your phone. Make sure that it is 103.0.5060.71 or higher.
The exploit appears to be related to Web RTC. This is a platform that supports the sharing of video, voice, and generic data. Developers use the platform to build voice and video apps.
This is a serious issue and reportedly it has been exploited by malicious attackers. It has a CVE (Common Vulnerabilities and Exposures) number of CVE-2022-2294. Google
has said that it “is aware that an exploit for CVE-2022-2294 exists in the wild.”