Google Patches Critical Security Flaws with Chrome 97 Release
Google this week is rolling out a new version of the world’s most popular web browser, Chrome 97, for all supported platforms. The desktop release patches a number of security flaws, including some deemed very serious.
Chrome 97 is rolling out not just on desktop platforms (Windows, Mac, Linux) but also for mobile platforms (iOS, Android). While the mobile releases merely bring “stability and performance improvements” according to the changelogs, the desktop rollout carries a bit more fanfare – at least from a security perspective.
Packing 37 security fixes, Chrome 97 addresses numerous vulnerabilities deemed either critical or high-severity in nature. For example, the update patches several use-after-free flaws in areas like storage, screen capture, sign-in, SwiftShader and PDF.
Use-after-free errors arise due to incorrect use of dynamic memory during program operation and can lead to anything from corruption of valid data to the execution of arbitrary code (including malicious code), depending on certain variables.
One of them – CVE-2022-0096: Use after free in Storage– is labeled ‘critical,’ yet Google refrains from detailing the flaw to ensure most users are up to date before the technicalities are out. The Internet giant has yet to calculate the appropriate bug bounty for its discoverer, Yangkang (@dnpushme) of 360 ATA.
The next-in-rank bug – CVE-2022-0097: Inappropriate implementation in DevTools – labeled as ‘high’ severity, has nabbed researcher David Erceg a cool $10,000, meaning Yangkang’s ‘critical’ finding should fetch an even prettier penny.
While many of the security bugs squashed in Chrome 97 are deemed ‘medium’ and ‘low’ severity flaws, at least a quarter of them are still considered serious vulnerabilities if exploited for malicious gain by bad actors. Which means users should waste no time updating.
To do so, go to Chrome’s Settings panel, select About Chrome and let the browser fetch its latest iteration for you. When prompted, relaunch Chrome to apply the update. Remember to save your work beforehand.
How to monitor your online privacy during your Thanksgiving trip
November 22, 2022
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info
November 16, 2022
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be
November 14, 2022
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War
August 31, 2022
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor
August 30, 2022
What is medical identity theft and how to protect against it
July 27, 2022