1 min read

Google Patches Critical Security Flaws with Chrome 97 Release

Filip TRUȚĂ

January 05, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Google Patches Critical Security Flaws with Chrome 97 Release

Google this week is rolling out a new version of the world’s most popular web browser, Chrome 97, for all supported platforms. The desktop release patches a number of security flaws, including some deemed very serious.

Chrome 97 is rolling out not just on desktop platforms (Windows, Mac, Linux) but also for mobile platforms (iOS, Android). While the mobile releases merely bring “stability and performance improvements” according to the changelogs, the desktop rollout carries a bit more fanfare – at least from a security perspective.

Packing 37 security fixes, Chrome 97 addresses numerous vulnerabilities deemed either critical or high-severity in nature. For example, the update patches several use-after-free flaws in areas like storage, screen capture, sign-in, SwiftShader and PDF.

Use-after-free errors arise due to incorrect use of dynamic memory during program operation and can lead to anything from corruption of valid data to the execution of arbitrary code (including malicious code), depending on certain variables.

One of them – CVE-2022-0096: Use after free in Storage– is labeled ‘critical,’ yet Google refrains from detailing the flaw to ensure most users are up to date before the technicalities are out. The Internet giant has yet to calculate the appropriate bug bounty for its discoverer, Yangkang (@dnpushme) of 360 ATA.

The next-in-rank bug – CVE-2022-0097: Inappropriate implementation in DevTools – labeled as ‘high’ severity, has nabbed researcher David Erceg a cool $10,000, meaning Yangkang’s ‘critical’ finding should fetch an even prettier penny.

While many of the security bugs squashed in Chrome 97 are deemed ‘medium’ and ‘low’ severity flaws, at least a quarter of them are still considered serious vulnerabilities if exploited for malicious gain by bad actors. Which means users should waste no time updating.

To do so, go to Chrome’s Settings panel, select About Chrome and let the browser fetch its latest iteration for you. When prompted, relaunch Chrome to apply the update. Remember to save your work beforehand.

Stay safe!

tags


Author



Right now

Top posts

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

December 21, 2021

2 min read
Online Shoppers Beware, Mobile Scams Are on the Rise

Online Shoppers Beware, Mobile Scams Are on the Rise

December 17, 2021

2 min read
The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Apple Patches New Zero-Day and Nasty Privacy Bug with iOS 15.3 and macOS 12.2 Apple Patches New Zero-Day and Nasty Privacy Bug with iOS 15.3 and macOS 12.2
Filip TRUȚĂ

January 27, 2022

2 min read
Microsoft Uncovers New SolarWinds Vulnerability While Analyzing Log4j Exploit Activity Microsoft Uncovers New SolarWinds Vulnerability While Analyzing Log4j Exploit Activity
Silviu STAHIE

January 26, 2022

1 min read
Take Your QNAP NAS Offline! DeadBolt Ransomware Locks Devices via Alleged Zero-Day Flaw Take Your QNAP NAS Offline! DeadBolt Ransomware Locks Devices via Alleged Zero-Day Flaw
Filip TRUȚĂ

January 26, 2022

1 min read