Chrome 98.0.4758.102 security update with patch for actively exploited vulnerability
#1
Information 
Quote:
[Image: chrome-98-security-fix.webp]

Google published the web browser Chrome 98.0.4758.102 to the Stable channel on February 14, 2022. The new Chrome version fixes several security issues, one of which is exploited actively according to Google.Chrome installations should receive the update automatically over time. Administrators and users who don't want to wait for this to happen may run a manual check for updates to install the patches immediately.

To do so, select Menu > Help > About Google Chrome or load chrome://settings/help directly in the web browser's address bar. The page that opens displays the currently installed version of the web browser, and runs a check for updates. If an update is found, it will be downloaded and installed automatically.

Google confirms on the company's Google Chrome Releases blog that 11 security issues are fixed in the new Google Chrome version. The highest severity rating is high, the second-highest after critical.

Google mentions only the security vulnerabilities that external researches have discovered: eight of the eleven security issues were discovered by non-Google employees.
 
Quote:[$15000][1290008] High CVE-2022-0603: Use after free in File Manager. Reported by Chaoyuan Peng (@ret2happy) on 2022-01-22
[$7000][1273397] High CVE-2022-0604: Heap buffer overflow in Tab Groups. Reported by Krace on 2021-11-24
[$7000][1286940] High CVE-2022-0605: Use after free in Webstore API. Reported by Thomas Orlita on 2022-01-13
[$7000][1288020] High CVE-2022-0606: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-01-17
[$TBD][1250655] High CVE-2022-0607: Use after free in GPU. Reported by 0x74960 on 2021-09-17
[$NA][1270333] High CVE-2022-0608: Integer overflow in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-11-16
[$NA][1296150] High CVE-2022-0609: Use after free in Animation. Reported by Adam Weidemann and Clément Lecigne of Google's Threat Analysis Group on 2022-02-10
[$TBD][1285449] Medium CVE-2022-0610: Inappropriate implementation in Gamepad API. Reported by Anonymous on 2022-01-08

The vulnerability CVE-2022-0609, Use after free in Animation, is actively exploited according to Google. Google does not mention how widespread the attacks are. Chrome users may want to update to the latest version as soon as possible to protect their browsers and data from potential attacks targeting the vulnerability.

It is unclear if other Chromium-based browsers are affected. Since the vulnerability is related to Animation, it seems likely that other Chromium-based browsers are also affected by it. Expect security updates for these browsers as well in the coming days and weeks (if affected).

Now You: when do you update your browsers?
...
Continue Reading
[-] The following 1 user says Thank You to harlan4096 for this post:
  • ismail
Reply


Forum Jump:


Users browsing this thread: 3 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AirVPN Christmas Sale 2024!
AirVPN CHRISTMAS SAL...jasonX — 07:52
ON1 Software
ON1 Photo RAW 2025.1...jasonX — 06:29
QOwnNotes 19.1.6
24.12.4 The wel...Kool — 12:56
INTEL Arc Graphics 32.0.101.6325/6253 dr...
Highlights Fix...harlan4096 — 11:06
GFYI [Official] Revo Uninstaller Pro v5...
"Share feedback...damien76 — 09:01

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
jasonX's profile jasonX
Administrator

>