If you use Google Chrome browser on your Android phone, you need to update it immediately the version available in the Google Play Store. Corresponding MUO, that’s because an exploit with a severity of “high” could allow a malicious app to take control of your phone. Google says it will remain silent about the issue until a majority of Chrome users install the patch.
If you update Chrome on your Android phone to version 103.0.5060.71, the exploit will be patched. To see what version of Chrome you’re currently running, go to settings > applications > Show all xxx apps > chrome. Scroll down and you should see the version of Chrome running on your Android phone.
If the version of the browser you are using is lower than the 103.0.5060.71 mentioned above, you should update to the patched version as soon as possible (as soon as possible, as today’s young whipper snappers would say). But there is one caveat and it’s a big one; Chrome cannot be uninstalled from Android.
This author’s version of Chrome on the Pixel 6 Pro is vulnerable to the exploit
So keep checking back to see when the next version of Chrome is available on the Google Play Store. And this is how it is done:
1. Go to the Google Play Store and tap the profile icon at the top right of the screen.
2. Tap Manage apps & device.
3. Under Available updates, tap View details.
4. Check for an update for Chrome. If there is one, tap on the word Update. If there is no update, close the screen and try again later.
5. If you need to install an update, follow the instructions at the top of the article to check the version number you have installed on your phone. Make sure it’s 103.0.5060.71 or higher.
The exploit appears to be related to Web RTC. This is a platform that supports video, voice and general data sharing. Developers use the platform to create voice and video apps.
This is a serious issue and has been reportedly exploited by malicious attackers. It has a CVE (Common Vulnerabilities and Exposures) number of CVE-2022-2294. Google has stated that it is “aware that an exploit for CVE-2022-2294 exists in the wild”.