A warning has been issued to the billions of people who use Google Chrome following a record number of attacks in 2021.
The browser gets used by around two billion people and Google has already kicked 2022 off by issuing an important warning to them.
Writing the news in a blog post, the huge corporation draws attention to a series of threats that they say have now been addressed in an update that the blog post accompanies.
The update is called Chrome 97 and is essentially a new version of the popular browser that is now available to all users.
Google say it is due to “roll out over the coming days/weeks”. Here's everything you need to know about the warning and how to protect your account.
What warning has Google put out?
In the post, Google shared it had discovered 37 new vulnerabilities that are known to affect users of Linux, macOS and Windows.
Of the threats, 10 of them have been classed as "high" risk and one as "critical". Users are now being advised to take immediate action.
Google say the critical vulnerability and 10 high vulnerabilities are:
- Critical CVE-2022-0096: Use after free in Storage. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-11-30
- High CVE-2022-0097: Inappropriate implementation in DevTools. Reported by David Erceg on 2020-08-17
- High CVE-2022-0098: Use after free in Screen Capture. Reported by @ginggilBesel on 2021-11-24
- High CVE-2022-0099: Use after free in Sign-in. Reported by Rox on 2021-09-01
- High CVE-2022-0100: Heap buffer overflow in Media streams API. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-08-10
- High CVE-2022-0101: Heap buffer overflow in Bookmarks. Reported by raven (@raid_akame) on 2021-09-14
- High CVE-2022-0102: Type Confusion in V8 . Reported by Brendon Tiszka on 2021-10-14
- High CVE-2022-0103: Use after free in SwiftShader. Reported by Abraruddin Khan and Omair on 2021-11-21
- High CVE-2022-0104: Heap buffer overflow in ANGLE. Reported by Abraruddin Khan and Omair on 2021-11-25
- High CVE-2022-0105: Use after free in PDF. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-11-28
- High CVE-2022-0106: Use after free in Autofill. Reported by Khalil Zhani on 2021-12-10
While these may look confusing, Forbes reports that they follow a familiar pattern – many of the issues feature the phrase "Use-after-free", also known as UAF.
What is a Use-after-free or UAF vulnerability?
'Space plane' unveiled that comes with inflatable 'bouncy castle' for Moon colonisers
A UAF vulnerability is where memory used by a programme doesn't get freed correctly and in turn, becomes vulnerable to hackers to attack.
UAF has been the favoured approach for hackers attacking Google Chrome for many months.
How can you find you find out if you're affected?
Because the new Chrome 97 update is being rolled out over a time period, not all users will be protected from the vulnerabilities it aims to sort out immediately.
To check if you are protected go to: Settings > Help > About Google Chrome.
If your browser version says "97.0.4692.71" or higher then you are safe.
If you do not have a number as high as this then keep checking back until you. Once the number above has been reached, restart your browser to activate the updates.
You will not be protected until you have made the restart so it is vital that you do it as soon as the update has been completed.
Source: Read Full Article