If you are using the Google Chrome browser on your Android handset, please update it immediately with the version available in the Google Play Store
† According to MUO
That’s because an exploit labeled as “high” severity could allow a malicious app to take control of your phone. Google says it will remain silent on the issue until a majority of Chrome users have installed the patch.
If you update Chrome on your Android phone to version 103.0.5060.71, the exploit will be patched. To see which version of Chrome you are currently using, go to Settings † apps † View all xxx apps † Chrome† Scroll down and you should see the version of Chrome running on your Android phone.
If the version of the browser you’re using is lower than the aforementioned 103.0.5060.71, you’ll want to update to the patched version as soon as possible (as soon as possible, as the young whipper snappers of today might say). But there’s a caveat and it’s a big one; Chrome cannot be uninstalled from Android.
This writer’s version of Chrome on the Pixel 6 Pro is vulnerable to abuse
So it’s best to keep checking when the next version of Chrome is available on the Google Play Store. And this is how it is done:
1. Go to the Google Play Store and tap the profile icon in the top right corner of the screen.
2. Tap Manage apps and device.
3. Under Available updates, tap View details.
4. Look for an update for Chrome. If there is one, tap the word Update. If there is no update, close the screen and try again later.
5. If you are allowed to install an update, follow the instructions at the top of the article to check the version number you have installed on your phone. Make sure it is 103.0.5060.71 or higher.
The exploit appears to be related to Web RTC. This is a platform that supports video, voice and generic data sharing. Developers use the platform to build voice and video apps.
This is a serious problem and has allegedly been exploited by malicious attackers. It has a Common Vulnerabilities and Exposures (CVE) number of CVE-2022-2294. Google has said it is “aware that an exploit for CVE-2022-2294 exists in the wild.”