The three critical failures that threaten your cell phone

Google announced a last minute update for the browser version Chrome 103 for Android phones and tablets in which they managed to correct critical bugs and includes improvements to security, stability and performance. Patch 103.0.5060.71 is characterized by resolve three vulnerabilities about which they did not want to reveal details in an official statement.

The company acknowledged that for the time being will restrict access to bug details and linksand urges all users to download and install the latest version of their browser.

Just a couple of months ago, another bug in Google Chrome endangered more 3 million users.

Google indicated that it is aware that an exploit exists for the breach named CVE-2022-2294, which is due to a “WebRTC Heap Buffer Overflow”. Chrome version 103 (103.0.5060.71) for Android, which correct these errors and implements “internal audit fixes, fuzzing, and other initiatives

The technology giant appreciated the “corrections” provided by external researchersalthough for the moment it has not determined an economic amount for reward the experts who warned of these errors. However, in their statement they limited themselves to indicating that there will be compensation TBD (‘To be announced’).

The gap CVE-2022-2295, led to “type confusion in V8”, was reported by users named avaue and Buff3tts on SSL on June 16. The compensatory amount in this case will be $7,500.

They also thanked all the security researchers for their work during the update development cycle to prevent security bugs from reaching the stable channel.

Likewise, Google recalled that many of its security errors are detected by open source programming tools and error detectors such as AddressSanitizer, MemorySanitizer, UndefinedBehaviourSanitizer, Control Flow Integrity, libFuzzer or AFL.

Consumer Associations denounce Google in Europe

On the other hand, the technology giant from Mountain View (California) is not having a good time in Europe. The consumer protection associations of France, Greece, the Czech Republic, Slovenia and Norway presented this Thursday a claim before their respective data protection authorities denouncing Google’s practices on user privacy.

This is an action that has been coordinated by the Association of European Consumers (BEUC), which considers that Google is not respecting the General Data Protection Regulation of the European Union (RGPD).

Specifically, they denounce that during the process of opening a Google account, the company does not give users an option that guarantees “by default” privacy or the processing of personal data in a “fair, legal and transparent” way. .

On the contrary, it offers an “express” option in which, with a single step, the company is given permission to “control and exploit” the activity of consumers on the different websites and applications of the technological giant -such as Google Chrome, Gmail, Google Maps o YouTube– or from any company on the internet that uses Google services.

One of those permissions is to be able to show users custom adswhich is the main business of the company.

Instead, ask Google to ensure privacy of the data requires five steps “with unclear, misleading and incomplete information”, regarding the treatment that it will make of personal information.

Therefore, “the consent granted is not valid and Google lacks a legal basis valid for the processing of personal data”, as established by the RGPD.

BEUC also ensures that “consumer data are not collected for specific, explicit and legitimate purposes” and that the collection and storage of information is not limited to “the minimum necessary”, which is required by community regulations.

The report recalls that in order to have a Gmail email or to be able to use the Play Store, the mobile application store for Android devices, it is essential to open a Google account.

The consumer protection associations of the Netherlands, Denmark and Sweden have not joined the lawsuit, but have sent a letter to the national authorities of their countries informing them of Google’s practices, while that of Germany sent a letter to the company warning of a “possible civil lawsuit”.

BEUC already coordinated in 2018 another lawsuit against Google for its tracking practices through the geolocation of mobile devices, which the Irish data protection authority – where the technology giant is based in Europe – has not yet resolved.

With information from La Vanguardia and EFE.