The Google Chrome version for Windows and Android are affected by a serious vulnerability that exists in the support of WebRTC, an open-source communication protocol that enables the transmission of audio and video through websites and applications.

To reveal the details, the zero-day security flaw (previously unknown to parties interested in fixing it) is supported by a buffer overflow in WebRTC. Because the vulnerability has been marked as very serious, Google has not released any information about it, and it appears that it will not do so until the patch is widely distributed among Chrome users for Windows and Android.

If the vulnerability is successfully exploited, a malicious website could take control of your entire computer (smartphones are also computers, in case anyone is confused). Fortunately the patch has already started to be distributed, specifically in versions 103.0.5060.114 for Windows and 103.0.5060.71 for Android. On Microsoft, if Chrome is used regularly, the update should arrive automatically while using the application, but in extreme cases it is possible to force the process by going to Menu > Help > “About Google Chrome” and As a last resort, uninstall the application and reinstall it .

For his part, in Android Apps are updated through the Play Store apps if no custom ROM has been installed, as if so the Google Store could have been replaced by something like F-Droid. But in the case of keeping the Android implementation provided by the smartphone manufacturer, there are steps to be followed open the app from the Play Store and click on the user icon in the upper right corner and then do the same on “Manage applications and devices”. Once you enter the section, click “Update All”.

Keeping software up-to-date is very important to prevent vulnerabilities, although it is not a panacea, as malicious actors often maintain vulnerabilities in a way that is unknown to the public or developers, which eventually becomes a zero-day.

In addition to the WebRTC vulnerability, Google has fixed others, including a confusion-type vulnerability that affects V8, the Chromium (and Chrome) JavaScript engine. The Mountain View giant is aware that the vulnerability that affects WebRTC has been exploited, so we recommend updating Google Chrome as soon as possible if the above versions or higher have not yet been received.