Google has confirmed a large number of serious vulnerabilities in its Chrome browser and Chrome users worldwide need to take action…
Google published the news on its official Chrome blog, revealing that a head-turning 32 security vulnerabilities have been found affecting Chrome on Windows, macOS and Linux. An upgraded version of the browser is rolling out “over the coming days/weeks.”
Breaking down the vulnerabilities, Google classified eight as posing ‘High’ risk with one designated as ‘Critical’. Google is not disclosing full details of the vulnerabilities yet, to buy time for users to upgrade, but the highest-rated threats are listed below:
- High – CVE-2022-1633: Use after free in Sharesheet. Reported by Khalil Zhani on 2022-04-18
- Critical – CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous on 2022-05-12
- High – CVE-2022-1854: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-04-27
- High – CVE-2022-1855: Use after free in Messaging. Reported by Anonymous on 2021-07-13
- High – CVE-2022-1856: Use after free in User Education. Reported by Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06
- High – CVE-2022-1857: Insufficient policy enforcement in File System API. Reported by Daniel Rhea on 2021-07-11
- High – CVE-2022-1858: Out of bounds read in DevTools. Reported by EllisVlad on 2022-04-07
- High – CVE-2022-1859: Use after free in Performance Manager. Reported by Guannan Wang (@Keenan7310) of Tencent Security Xuanwu Lab on 2022-05-05
- High – CVE-2022-1860: Use after free in UI Foundations. Reported by @ginggilBesel on 2022-02-15
- High – CVE-2022-1861: Use after free in Sharing. Reported by Khalil Zhani on 2022-04-16
While details are scant, the prevalence of Use After Free (UAF) bugs remains. 12 of the 32 vulnerabilities Google shared are UAF (a class of memory-safety bug in which a program keeps using memory after it has been freed), bringing the total to over 80 in 2022.
Google has released updated versions of Chrome for all platforms to combat these threats: 102.0.5005.61/62/63 for Windows and 102.0.5005.61 for macOS and Linux. To force the update immediately:
- Click the three dots in the top right corner of Chrome
- Click Settings > Help > About Google Chrome.
- Wait for Chrome to find and install the update.
- When prompted, restart Chrome (this is critical)
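For administrators checking many machines rather than one, the fixed builds listed above can be compared against a software inventory. The Python below is an added example, not code from Google or from this article; the host names, the inventory format and the sample version strings are constructed. It compares versions numerically, because a plain string comparison would rank 99.x above 102.x.

```python
import re

# First fixed build per platform, as stated in the article.
FIXED = {
    "windows": (102, 0, 5005, 61),
    "macos": (102, 0, 5005, 61),
    "linux": (102, 0, 5005, 61),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from free text, or None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def audit(inventory):
    """Map each host to 'patched', 'vulnerable' or 'unknown'."""
    results = {}
    for host, platform, reported in inventory:
        version = parse_version(reported)
        fixed = FIXED.get(platform.lower())
        if version is None or fixed is None:
            results[host] = "unknown"  # needs manual follow-up
        elif version >= fixed:         # tuple comparison is numeric
            results[host] = "patched"
        else:
            results[host] = "vulnerable"
    return results


# Constructed sample inventory (hypothetical hosts and report format).
SAMPLE = [
    ("ws-001", "Windows", "Google Chrome 102.0.5005.63"),
    ("ws-002", "Windows", "Google Chrome 101.0.4951.67"),
    ("ws-003", "Windows", "Google Chrome 99.0.4844.84"),
    ("mac-01", "macOS", "Google Chrome 102.0.5005.61"),
    ("lnx-01", "Linux", "Google Chrome 100.0.4896.127"),
    ("lnx-02", "Linux", "version string missing"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be treated as unpatched until someone confirms the installed build.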
And this is not something to take lightly. In April, Google reported that zero-day attacks (vulnerabilities actively exploited by hackers before a fix could be found) across all major platforms had more than doubled between 2020 and 2021, and 2022 is heading for another record.
Make updating Chrome the very next thing you do.