Google Reports 37 New Security Flaws In Chrome – Forbes
01/07 Update below. This post was originally published on January 5
Google Chrome users need to be on high alert. After a record-breaking number of attacks last year, Google has already issued the first serious new upgrade warning of 2022 to all the browser’s two billion users.
37 new vulnerabilities have been found in Google Chrome
Google confirmed the news in a new blog post, where it revealed that an eye-opening 37 security vulnerabilities have been discovered. Google has classified 10 of these vulnerabilities as posing a ‘High’ threat level, with one further vulnerability ranked as critically dangerous. Linux, macOS and Windows users are all affected and need to take immediate action.
01/05 Update: Google may have pushed a major new version of Chrome to combat these threats but the update is not working well on all platforms. Spotted by 9to5Google, Chrome users on iOS are reporting that the new version is completely unusable. Fast-growing reports on both Reddit and the Google Chrome Help Forum state that the browser freezes within seconds of being opened, and that restarts and reinstallations do not fix it.
9to5Google was also able to replicate the problem, confirming that it only began once Chrome was updated to version 97. This is the version Google released across all platforms, including Windows, macOS and Linux, though it is iPhone owners who appear to be primarily affected. Some users have found that clearing the browser’s cache can fix the issue but, for most, the browser freezes too quickly to open settings and make this change. Expect Google to issue an urgent fix but, until then, iPhone owners would be advised to stay well clear of Chrome 97.
Google is currently restricting information about all the new attacks to buy Chrome users time, but it has revealed the areas that these top threats are targeting:
It may be a new year, but these threats follow a familiar pattern. ‘Use-After-Free’ (UAF) exploits have been the favored route of attack on Chrome for several months now and make up the majority of exploits once again. There have now been almost 50 UAF vulnerabilities found in Chrome since September. UAF vulnerabilities are memory flaws created when a program fails to clear the pointer to a block of memory after that memory is freed, so the stale pointer can still be used.
Heap buffer overflow flaws also remain a popular route of attack. Also referred to as ‘Heap Smashing’, these flaws target the heap, where memory is dynamically allocated and typically contains program data. With an overflow, critical data structures can be overwritten, which makes the heap an ideal target for hackers.
What You Need To Do
In response to these threats, Google has released Chrome 97, a major new version of Chrome, to all users. Google warns that this release (exact version number 97.0.4692.71) “will roll out over the coming days/weeks”. This means you may not be able to protect yourself immediately.
Google Chrome must be restarted after updating before you are protected.
To check if you are protected, navigate to Settings > Help > About Google Chrome. If your Chrome browser is listed as 97.0.4692.71 or higher, you are safe. If the update is not yet available for your browser, it is important that you check regularly for the new version. And remember, it is critical that you restart your browser after you have updated because you are not protected until this is done, something many users forget.
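For anyone checking more than one machine, the "97.0.4692.71 or higher" test can be scripted. The following is an added example, not code from Google or the article: the host names and version strings in the sample inventory are constructed, and it compares versions numerically because a plain string comparison ranks "100.x" and "97.0.4692.9" incorrectly.

```python
import re

# Fixed release named in the article.
PATCHED = (97, 0, 4692, 71)

# A four-part dotted version that is not embedded in a longer dotted number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(text, minimum=PATCHED):
    """True/False for a parsable version, None when no version is found."""
    v = parse_version(text)
    return None if v is None else v >= minimum


def audit(inventory):
    """Map each host to 'patched', 'vulnerable' or 'unknown'."""
    labels = {True: "patched", False: "vulnerable", None: "unknown"}
    return {host: labels[is_patched(reported)]
            for host, reported in inventory.items()}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = {
    "laptop-01": "Google Chrome 97.0.4692.71",  # exactly the fixed release
    "laptop-02": "Google Chrome 96.0.1000.200",  # older major version
    "laptop-03": "Google Chrome 100.0.0.1",      # sorts before 97 as a string
    "laptop-04": "Google Chrome 97.0.4692.9",    # sorts after .71 as a string
    "laptop-05": "version unavailable",          # nothing to parse
}

if __name__ == "__main__":
    for host, state in audit(SAMPLE).items():
        print(f"{host}: {state}")
```

A result of "patched" reflects the version string that was reported; as the article stresses, the browser must also have been restarted after the update for the fix to take effect.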
Browser hacks broke records in 2021 and I fully expect them to be smashed again in 2022. So start the new year with a good deed and make checking your browser version the very next thing you do. Do it now.
via Inferse.com https://www.inferse.com
May 14, 2022 at 04:33AM