15 February 22, 07:20
Quote:
Google published the web browser Chrome 98.0.4758.102 to the Stable channel on February 14, 2022. The new Chrome version fixes several security issues, one of which is exploited actively according to Google.
Chrome installations should receive the update automatically over time. Administrators and users who don't want to wait for this to happen may run a manual check for updates to install the patches immediately.
To do so, select Menu > Help > About Google Chrome or load chrome://settings/help directly in the web browser's address bar. The page that opens displays the currently installed version of the web browser, and runs a check for updates. If an update is found, it will be downloaded and installed automatically.
Google confirms on the company's Google Chrome Releases blog that 11 security issues are fixed in the new Google Chrome version. The highest severity rating is high, the second-highest after critical.
Google mentions only the security vulnerabilities that external researchers have discovered: eight of the eleven security issues were discovered by non-Google employees.
Quote:
[$15000][1290008] High CVE-2022-0603: Use after free in File Manager. Reported by Chaoyuan Peng (@ret2happy) on 2022-01-22
[$7000][1273397] High CVE-2022-0604: Heap buffer overflow in Tab Groups. Reported by Krace on 2021-11-24
[$7000][1286940] High CVE-2022-0605: Use after free in Webstore API. Reported by Thomas Orlita on 2022-01-13
[$7000][1288020] High CVE-2022-0606: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-01-17
[$TBD][1250655] High CVE-2022-0607: Use after free in GPU. Reported by 0x74960 on 2021-09-17
[$NA][1270333] High CVE-2022-0608: Integer overflow in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-11-16
[$NA][1296150] High CVE-2022-0609: Use after free in Animation. Reported by Adam Weidemann and Clément Lecigne of Google's Threat Analysis Group on 2022-02-10
[$TBD][1285449] Medium CVE-2022-0610: Inappropriate implementation in Gamepad API. Reported by Anonymous on 2022-01-08
The vulnerability CVE-2022-0609, Use after free in Animation, is actively exploited according to Google. Google does not mention how widespread the attacks are. Chrome users may want to update to the latest version as soon as possible to protect their browsers and data from potential attacks targeting the vulnerability.
It is unclear if other Chromium-based browsers are affected. Since the vulnerability is related to Animation, it seems likely that other Chromium-based browsers are also affected by it. Expect security updates for these browsers as well in the coming days and weeks (if affected).
Now You: when do you update your browsers?
...
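For administrators who want to check a fleet rather than one browser, here is an added example (not part of the quoted article or of Google's release notes) that parses the release-note line format quoted above and flags installs older than 98.0.4758.102. The function names, the inventory and its hostnames are assumptions made for illustration; versions are compared numerically because a plain string comparison ranks "98.0.4758.80" above "98.0.4758.102".

```python
import re

FIXED = "98.0.4758.102"       # fixed Stable build named in the article
ACTIVE = {"CVE-2022-0609"}    # the entry the article says is exploited
# Three entries copied from the release notes quoted in the post.
NOTES = """\
[$15000][1290008] High CVE-2022-0603: Use after free in File Manager. Reported by Chaoyuan Peng (@ret2happy) on 2022-01-22
[$NA][1296150] High CVE-2022-0609: Use after free in Animation. Reported by Adam Weidemann and Clément Lecigne of Google's Threat Analysis Group on 2022-02-10
[$TBD][1285449] Medium CVE-2022-0610: Inappropriate implementation in Gamepad API. Reported by Anonymous on 2022-01-08
"""

ENTRY = re.compile(
    r"\[\$(?P<reward>[^\]]+)\]\[(?P<bug>\d+)\]\s+(?P<severity>\w+)\s+"
    r"(?P<cve>CVE-\d{4}-\d+):\s+(?P<summary>.+?)\.\s+Reported by\s+"
    r"(?P<reporter>.+)\s+on\s+(?P<date>\d{4}-\d{2}-\d{2})$"
)

def parse_notes(text):
    """Return one dict per well-formed release-note line; other lines are skipped."""
    recs = [m.groupdict() for m in map(ENTRY.match, map(str.strip, text.splitlines())) if m]
    for r in recs:
        r["exploited"] = r["cve"] in ACTIVE
    return recs

def version_tuple(v):
    """'98.0.4758.102' -> (98, 0, 4758, 102); raises ValueError on anything else."""
    parts = v.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"not a four-part Chrome version: {v!r}")
    return tuple(int(p) for p in parts)

def needs_update(installed, fixed=FIXED):
    """True if the installed build is older than the fixed build."""
    return version_tuple(installed) < version_tuple(fixed)

def audit(inventory):
    """inventory: {host: version}. Returns hosts to patch; unreadable data is flagged too."""
    flagged = {}
    for host, ver in inventory.items():
        try:
            if needs_update(ver):
                flagged[host] = ver
        except ValueError:
            flagged[host] = "unparseable"
    return flagged

if __name__ == "__main__":  # constructed inventory, sample hostnames and versions
    print(audit({"ws-01": "98.0.4758.80", "ws-02": "98.0.4758.102", "ws-03": "n/a"}))
```

Hosts with an unparseable version are reported rather than silently treated as patched, so gaps in inventory data stay visible.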