Google has warned Chrome users that multiple new vulnerabilities have been found in its browser. Fixes will roll out “over the coming days/weeks” though it is possible to protect yourself right now.
Google published the news on its official Chrome blog, confirming seven vulnerabilities, including four discovered by external researchers which it classifies as carrying a ‘High’ threat level. The vulnerabilities affect Chrome on Windows, macOS and Linux.
Google lists the four high threat vulnerabilities as:
- High – CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17
- High – CVE-2022-2008: Out of bounds memory access in WebGL. Reported by khangkito – Tran Van Khang (VinCSS) on 2022-04-19
- High – CVE-2022-2010: Out of bounds read in compositing. Reported by Mark Brand of Google Project Zero on 2022-05-13
- High – CVE-2022-2011: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-05-31
Google explains that “Access to bug details and links may be kept restricted until a majority of users are updated with a fix.” This is a nice way of saying the company is buying time for Chrome users to protect themselves, which is standard company policy. Both Use After Free (UAF) and Out of Bounds flaws are memory-management bugs: a UAF occurs when a program keeps using memory after it has been freed, while an out-of-bounds access reads or writes outside the memory allocated to an object.
In response, Google has released Chrome 102.0.5005.115 and, while the company states that the rollout could take weeks, you don’t have to wait that long. To force the update immediately:
- Click the three dots in the top right corner of Chrome.
- Click Settings > Help > About Google Chrome.
- Wait for Chrome to find and install the update.
- When prompted, restart Chrome (this is critical).
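For anyone responsible for more than one machine, the same check can be scripted. The following is an added example, not code from Google or from this article: it compares reported Chrome versions against the fixed release 102.0.5005.115 and separates hosts that still need the update from hosts where the update is installed but Chrome has not yet been restarted. The host names, the inventory format and the other version strings are constructed for illustration.

```python
import re

FIXED = "102.0.5005.115"  # fixed Chrome release named in the article


def parse_version(text):
    """Extract a four-part Chrome version from text such as
    'Google Chrome 102.0.5005.115' and return it as a tuple of ints."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no Chrome version found in {text!r}")
    # Compare as integers: as strings, "99" sorts after "115".
    return tuple(int(part) for part in m.groups())


def update_state(installed, running, fixed=FIXED):
    """Classify one host.
    'unpatched'        build on disk is older than the fix
    'restart-pending'  fix is on disk, but the running browser is still old
    'patched'          the running browser has the fix
    """
    fixed_v = parse_version(fixed)
    if parse_version(installed) < fixed_v:
        return "unpatched"
    if parse_version(running) < fixed_v:
        return "restart-pending"
    return "patched"


# Constructed sample inventory (hypothetical hosts and versions):
# (host, version installed on disk, version reported by the running browser)
SAMPLE_INVENTORY = [
    ("ws-01", "Google Chrome 102.0.5005.99", "Google Chrome 102.0.5005.99"),
    ("ws-02", "Google Chrome 102.0.5005.115", "Google Chrome 102.0.5005.99"),
    ("ws-03", "Google Chrome 102.0.5005.115", "Google Chrome 102.0.5005.115"),
    ("ws-04", "Google Chrome 103.0.0.1", "Google Chrome 103.0.0.1"),
    ("ws-05", "Google Chrome 99.0.0.0", "Google Chrome 99.0.0.0"),
]


def audit(inventory):
    """Return {host: state} for every row of the inventory."""
    return {host: update_state(inst, run) for host, inst, run in inventory}


if __name__ == "__main__":
    for host, state in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {state}")
```

A host in the restart-pending state is still running the vulnerable build, which is why the restart step above matters.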
Google has already warned users that the number of zero-day hacks (vulnerabilities which are actively exploited before they can be patched) is rising across all major platforms. And the same is true for web browsers.
So now that you have finished reading this article, go update your browser. Right now.