top of page
Search

Google Issues a Security Alert to around 2 billion Chrome Users



Chrome users should be on high alert. Following a record-breaking year of assaults, Google has already sent the first severe new update warning of 2022 to all of the browser's two billion users.

Google verified the storey in a new blog post, revealing that 37 security flaws had been uncovered. Google has rated ten of these vulnerabilities as providing a 'High' threat level, with one attack rated as critically serious. Users of Linux, macOS, and Windows are all vulnerable and must take quick action.

Google is presently limiting information on all new attacks in order to give Chrome users more time, however it has highlighted the areas that these top threats are targeting:

  • Critical - CVE-2022-0096: Use after free in Storage.

  • High - CVE-2022-0097: Inappropriate implementation in DevTools

  • High - CVE-2022-0098: Use after free in Screen Capture

  • High - CVE-2022-0099: Use after free in Sign-in.

  • High - CVE-2022-0100: Heap buffer overflow in Media streams API.

  • High - CVE-2022-0101: Heap buffer overflow in Bookmarks

  • High - CVE-2022-0102: Type Confusion in V8 .

  • High - CVE-2022-0103: Use after free in SwiftShader.

  • High - CVE-2022-0104: Heap buffer overflow in ANGLE.

  • High - CVE-2022-0105: Use after free in PDF.

  • High - CVE-2022-0106: Use after free in Autofill.

Despite the fact that it is a new year, these dangers follow a pattern. For some months now, 'Use-After-Free' (UAF) exploits have been the preferred method of attack on Chrome, and they currently account for the vast majority of attacks. Since September, around 50 UAF vulnerabilities have been discovered in Chrome. UAF vulnerabilities are memory exploits that occur when a software fails to clear the memory pointer after it has been released.

Heap buffer overflow issues continue to be a common attack vector. Memory on the heap, sometimes known as 'Heap Smashing,' is dynamically allocated and often holds programme data. Critical data structures can be altered by an overflow, making it a perfect target for hackers.

Recommendation

As a result of these concerns, Google has made Chrome 97, a major new version of Chrome, available to all users. Google says that this update (precise version number 97.0.4692.71) "will be sent out over the next few days/weeks." This implies you might not be able to protect yourself right away.To check if you are up to date.

navigate to Settings > Help > About Google Chrome.

You are protected if your Chrome browser is identified as 97.0.4692.71 or above. If the update for your browser is not yet available, it is critical that you check for the latest version on a frequent basis. Remember that you must restart your browser after updating since you will not be protected until you do so. Something that many users overlook.

5 views0 comments

Comentários


bottom of page