• October 6, 2022

GravStar’s Sirius 5 Wireless Earbuds With Swappable Sci-Fi Charging Cases

GravStar is a company known for creating unique sci-fi-inspired audio products that look as good as they sound. The latest launch from the company is the Sirius P5 wireless earbuds. The …

401(k)s Are Not A Substitute For Social Security

This is an exciting time for U.S. retirement policy. Everyone — left, right, and center — recognizes that American retirement policy is out of date. According to the Global Pension Index, …

Steve Stoute’s UnitedMasters Successfully Recruits Uber, Twitter And Adobe Execs

Steve “The Commissioner” Stoute’s music startup UnitedMasters, music distribution and data analytics company has successfully recruited top execs from Uber UBER , Twitter and Adobe ADBE . The company continues to …

Google has confirmed a large number of serious vulnerabilities in its Chrome browser and Chrome users worldwide need to take action…

Google published the news on its official Chrome blog, revealing a head-turning 32 security vulnerabilities have been found which affect Chrome on Windows, macOS and Linux. An upgraded version of the browser is rolling out “over the coming days/weeks.”

Breaking down the vulnerabilities, Google classified eight as posing ‘High’ risk with one designated as ‘Critical’. Google is not disclosing full details of the vulnerabilities yet because it buys time for users to upgrade, but the highest-rated threats are listed below:

  • HighCVE-2022-1633: Use after free in Sharesheet. Reported by Khalil Zhani on 2022-04-18
  • Critical CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous on 2022-05-12
  • High CVE-2022-1854: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-04-27
  • High CVE-2022-1855: Use after free in Messaging. Reported by Anonymous on 2021-07-13
  • High CVE-2022-1856: Use after free in User Education. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06
  • High CVE-2022-1857: Insufficient policy enforcement in File System API. Reported by Daniel Rhea on 2021-07-11
  • High CVE-2022-1858: Out of bounds read in DevTools. Reported by EllisVlad on 2022-04-07
  • High CVE-2022-1859: Use after free in Performance Manager. Reported by Guannan Wang (@Keenan7310) of Tencent Security Xuanwu Lab on 2022-05-05
  • High CVE-2022-1860: Use after free in UI Foundations. Reported by @ginggilBesel on 2022-02-15
  • High CVE-2022-1861: Use after free in Sharing. Reported by Khalil Zhani on 2022-04-16

While details are scant, the prevalence of Use After Free (UAF) bugs remains. 12 of the 32 vulnerabilities Google shared are UAF (a memory exploit), bringing the total to over 80 in 2022.

Advertisement

Google has released updated versions of Chrome for all platforms to combat these threats: 102.0.5005.61/62/63 for Windows and 102.0.5005.61 for macOS and Linux. To force the update immediately:

  1. Click the three dots in the top right corner of Chrome
  2. Click Settings > Help > About Google Chrome.
  3. Wait for Chrome to find and install the update.
  4. When prompted, restart Chrome (this is critical)

And this is not something to take lightly. In April, Google reported zero-day attacks (vulnerabilities actively exploited by hackers before a fix could be found) across all major platforms had more than doubled between 2020 and 2021, and 2022 is heading for another record.

Make updating Chrome the very next thing you do.

___

Follow Gordon on Facebook

More On Forbes

Advertisement

Leave a Reply

Your email address will not be published.