Google has confirmed new Chrome vulnerabilities have been found which impact the browser across all major platforms. Here’s everything you need to know to stay safe.
Google announced the news on its official Chrome blog, stating that 13 new security flaws have been discovered, eight of which pose a ‘High’ threat level to users. They affect Chrome on Windows, macOS, Linux and Android.
Google is currently restricting information about the vulnerabilities “until a majority of users are updated with a fix” and you should not waste this time. Below are the eight high threat level vulnerabilities Google revealed:
- High – CVE-2022-1633: Use after free in Sharesheet. Reported by Khalil Zhani on 2022-04-18
- High – CVE-2022-1634: Use after free in Browser UI. Reported by Khalil Zhani on 2022-04-09
- High – CVE-2022-1635: Use after free in Permission Prompts. Reported by Anonymous on 2022-04-26
- High – CVE-2022-1636: Use after free in Performance APIs. Reported by Seth Brenith, Microsoft on 2022-02-15
- High – CVE-2022-1637: Inappropriate implementation in Web Contents. Reported by Alesandro Ortiz on 2022-03-31
- High – CVE-2022-1638: Heap buffer overflow in V8 Internationalization. Reported by DoHyun Lee (@l33d0hyun) of DNSLab, Korea University on 2022-04-17
- High – CVE-2022-1639: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-04-19
- High – CVE-2022-1640: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-28
Use After Free (UAF) attacks remain the most successful method for cracking Chrome. Six of the eight new Chrome vulnerabilities are UAF flaws (a memory bug in which a program keeps using memory after it has been freed), and UAF has been responsible for over 70 High-level breaches of Chrome security in 2022.
In response, Google has released Chrome 101.0.4951.64. It is not being made available to all users immediately. Instead, it will “roll out over the coming days/weeks”, but it is possible to jump the queue and force Chrome to check for the update by following this method:
- Click the three dots in the top right corner of Chrome
- Click Settings > Help > About Google Chrome.
- Wait for Chrome to find and install the update.
- When prompted, restart Chrome (this is critical)
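For anyone looking after more than one machine, the same check can be scripted. The following is an added example, not code from Google or from this article: it compares each machine's installed and running Chrome version against the one fixed version named above, and flags browsers that have downloaded the fix but not yet been restarted. The hostnames and inventory rows are constructed sample data.

```python
# Added example: triage a browser inventory against the fixed Chrome build.
FIXED = "101.0.4951.64"  # fixed version named in the article

def parse(version):
    """Turn '101.0.4951.64' into (101, 0, 4951, 64) for numeric comparison."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version: {version!r}")
    return tuple(int(p) for p in parts)

def triage(installed, running, fixed=FIXED):
    """Classify one host.

    installed: version on disk; running: version of the live browser process.
    """
    target = parse(fixed)
    if parse(installed) < target:
        return "UPDATE"    # fix not yet downloaded
    if parse(running) < target:
        return "RESTART"   # fix is on disk, but the old code is still in memory
    return "OK"

# Constructed sample inventory: (host, installed version, running version).
INVENTORY = [
    ("ws-001", "101.0.4951.64", "101.0.4951.64"),
    ("ws-002", "101.0.4951.64", "101.0.4951.54"),   # updated, never restarted
    ("ws-003", "101.0.4951.9", "101.0.4951.9"),     # sorts "higher" as text
    ("ws-004", "100.0.4896.127", "100.0.4896.127"),
    ("ws-005", "102.0.5005.61", "102.0.5005.61"),
]

def report(inventory=INVENTORY):
    """Return {host: status} for every row in the inventory."""
    return {host: triage(inst, run) for host, inst, run in inventory}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```

Version strings are compared as numbers, not text, because a plain string comparison would rank 101.0.4951.9 above 101.0.4951.64 and wrongly mark that machine as patched.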
Google has been keen to stress that serious browser and platform hacks are rising. Last month, the company reported that 58 zero-day hacks (security flaws which are actively exploited by hackers before a fix can be applied) were found in 2021. This was “the most ever recorded since Project Zero began tracking in mid-2014” and more than double the 25 detected in 2020.
It has never been more important to be proactive and keep your software up to date. So go beat the queue and force Chrome to update right now.