Critical Chrome Browser Update Released for All Users
Google has confirmed several new vulnerabilities in its Chrome browser across all platforms, and users worldwide are encouraged to update as soon as possible.
Posting the news on its official Chrome blog, Google revealed that external researchers had discovered 24 vulnerabilities. Eight are classified as carrying a ‘high’ threat level, while one is considered ‘critical’. Here’s everything you need to know to stay safe.
Here is a list of the nine most serious new Chrome vulnerabilities:
- Critical – CVE-2022-3038: Use after free in network service. Reported by Sergei Glazunov of Google Project Zero on 2022-06-28
- High – CVE-2022-3039: Use after free in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11
- High – CVE-2022-3040: Use after free in Layout. Reported by Anonymous on 2022-07-03
- High – CVE-2022-3041: Use after free in WebSQL. Reported by Ziling Chen and Nan Wang(@eternalsakura13) of 360 Vulnerability Research Institute on 2022-07-20
- High – CVE-2022-3042: Use after free in PhoneHub. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22
- High – CVE-2022-3043: Buffer overflow in screenshot. Reported by @ginggilBesel on 2022-06-16
- High – CVE-2022-3044: Improper implementation in site isolation. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-02-12
- High – CVE-2022-3045: Insufficient validation of untrusted inputs in V8. Reported by Ben Noordhuis
- High – CVE-2022-3046: Use after free in browser tag. Reported by VRI’s Rong Jian on 2022-07-21
Although no zero-day vulnerabilities were reported, six of the eight used the same attack method: Use After Free (UAF). This class of memory bug has become the most common way to attack Chrome in recent years, and it shows no signs of slowing down.
Heap Buffer Overflow attacks (causing four of the 24 vulnerabilities) also remain popular. Also known as “Heap Smashing”, this attack targets the heap, where memory is dynamically allocated and usually contains program data. With an overflow, critical data structures can be overwritten, making the heap an ideal target for attacks.
How to stay safe
In response to these new threats, Google released 105.0.5195.52 (Mac/Linux) and 105.0.5195.52/53/54 (Windows). If you are running an older version of Chrome, your browser is still vulnerable and you should update immediately.
To update Chrome, click the overflow menu (three vertical dots) in the top right corner of the browser, then navigate to Help > About Google Chrome. After updating, be sure to restart the browser.
For step-by-step visual instructions, check out my Chrome update guide.
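To check more than one machine, collected version strings can be compared against the fixed builds listed above. This is an added example, not code from Google or from this article; the host names and inventory lines are constructed, and using 105.0.5195.52 as the Windows minimum (the lowest of the three Windows builds) is an assumption.

```python
import re

# Fixed builds named in the article. Windows shipped as .52/.53/.54; this
# example assumes the lowest of those is the minimum acceptable build.
FIXED = {
    "mac": (105, 0, 5195, 52),
    "linux": (105, 0, 5195, 52),
    "windows": (105, 0, 5195, 52),
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Return the four-part version found in text (e.g. the output of
    `google-chrome --version`) as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_patched(platform, version_text):
    """True if at or above the fixed build, False if older, None if unknown."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return None
    # Compare as integer tuples: as plain strings, "99.0..." would sort
    # above "105.0..." and an old browser would pass the check.
    return version >= fixed

def audit(inventory):
    """Return (host, reason) for every host that is outdated or unreadable."""
    findings = []
    for host, platform, version_text in inventory:
        status = is_patched(platform, version_text)
        if status is None:
            findings.append((host, "unknown"))
        elif not status:
            findings.append((host, "outdated"))
    return findings

# Constructed sample inventory: (host, platform, reported version string).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 105.0.5195.54"),
    ("ws-02", "windows", "Google Chrome 104.0.5112.102"),
    ("mac-01", "mac", "Google Chrome 105.0.5195.52"),
    ("lnx-01", "linux", "Google Chrome 99.0.4844.84"),
    ("lnx-02", "linux", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, reason in audit(SAMPLE):
        print(f"{host}: {reason}")
```

Hosts reported as "unknown" returned no parseable version and need a manual check rather than being assumed patched.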