Google issues new security warning for Chrome browser users
Google has warned Chrome users that several new vulnerabilities have been discovered in its browser. Fixes will roll out “over the next few days/weeks”, although it’s possible to protect yourself now.
Google posted the news on its official Chrome blog, confirming seven vulnerabilities, including four discovered by external researchers that it classifies as carrying a “high” threat level. The vulnerabilities affect Chrome on Windows, macOS, and Linux.
Several new high-level threats have been discovered in Google Chrome
Google lists the four high-risk vulnerabilities as:
- High – CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17
- High – CVE-2022-2008: out of bounds memory access in WebGL. Posted by khangkito – Tran Van Khang (VinCSS) on 2022-04-19
- High – CVE-2022-2010: Reading out of bounds in compositing. Reported by Mark Brand of Google Project Zero on 2022-05-13
- High – CVE-2022-2011: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-05-31
Google explains that “access to bug details and links may be restricted until a majority of users are updated with a fix.” It’s a nice way of saying the company is buying time for Chrome users to protect themselves, which is standard company policy. Use After Free (UAF) and Out of Bounds are related to memory management.
In response, Google released Chrome 102.0.5005.115, and while the company says the rollout could take weeks, you don’t have to wait that long. To force the update immediately:
- Click on the three dots in the upper right corner of Chrome.
- Click on Settings > Help > About Google Chrome.
- Wait for Chrome to find and install the update.
- When prompted, restart Chrome (this is essential).
To check for Chrome updates, click on the 3 dots in the upper right corner, click: Settings – Help – About … [+]
Google has already warned users that the number of zero-day hacks (vulnerabilities that are actively exploited before they can be fixed) is increasing across all major platforms. And the same goes for web browsers:
Zero-day attacks on browsers are accelerating rapidly
So now that you are done reading this article, go update your browser. At present.
___
Follow Gordon on Facebook
Learn more about Forbes