1 min read

Google Patches Critical Security Flaws with Chrome 97 Release

Filip TRUȚĂ

January 05, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Google Patches Critical Security Flaws with Chrome 97 Release

Google this week is rolling out a new version of the world’s most popular web browser, Chrome 97, for all supported platforms. The desktop release patches a number of security flaws, including some deemed very serious.

Chrome 97 is rolling out not just on desktop platforms (Windows, Mac, Linux) but also for mobile platforms (iOS, Android). While the mobile releases merely bring “stability and performance improvements” according to the changelogs, the desktop rollout carries a bit more fanfare – at least from a security perspective.

Packing 37 security fixes, Chrome 97 addresses numerous vulnerabilities deemed either critical or high-severity in nature. For example, the update patches several use-after-free flaws in areas like storage, screen capture, sign-in, SwiftShader and PDF.

Use-after-free errors arise due to incorrect use of dynamic memory during program operation and can lead to anything from corruption of valid data to the execution of arbitrary code (including malicious code), depending on certain variables.

One of them – CVE-2022-0096: Use after free in Storage– is labeled ‘critical,’ yet Google refrains from detailing the flaw to ensure most users are up to date before the technicalities are out. The Internet giant has yet to calculate the appropriate bug bounty for its discoverer, Yangkang (@dnpushme) of 360 ATA.

The next-in-rank bug – CVE-2022-0097: Inappropriate implementation in DevTools – labeled as ‘high’ severity, has nabbed researcher David Erceg a cool $10,000, meaning Yangkang’s ‘critical’ finding should fetch an even prettier penny.

While many of the security bugs squashed in Chrome 97 are deemed ‘medium’ and ‘low’ severity flaws, at least a quarter of them are still considered serious vulnerabilities if exploited for malicious gain by bad actors. Which means users should waste no time updating.

To do so, go to Chrome’s Settings panel, select About Chrome and let the browser fetch its latest iteration for you. When prompted, relaunch Chrome to apply the update. Remember to save your work beforehand.

Stay safe!

tags


Author



Right now

Top posts

How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Hacking cars remotely with just their VIN Hacking cars remotely with just their VIN
Graham CLULEY

December 05, 2022

2 min read
Russian courts attacked by CryWiper malware that poses as ransomware Russian courts attacked by CryWiper malware that poses as ransomware
Graham CLULEY

December 05, 2022

2 min read
Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts
Silviu STAHIE

December 02, 2022

1 min read