More information is expected to follow after the fix
Google has been forced to warn billions of its users after hackers successfully targeted the browser and highlighted an array of new security flaws.
Announcing the troubling news through a blog post on April 26, company rep. Prudhvikumar Bommana said an update was due to come out in the “coming days/weeks.” The fix, known as Chrome 101.0.4951.41, will apply to Windows, macOS, and Linux.
A recent hack attempt had highlighted 30 flaws in Chrome’s armour, including seven that pose a “high” threat to users. It’s not yet clear who hacked the company or why, but further details “may be kept restricted until a majority of users are updated with a fix.”
A full list of the “high” threat bugs:
- CVE-2022-1477: Use after free in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-04-06
- CVE-2022-1478: Use after free in SwiftShader. Reported by SeongHwan Park (SeHwa) on 2022-02-20
- CVE-2022-1479: Use after free in ANGLE. Reported by Jeonghoon Shin of Theori on 2022-03-10
- CVE-2022-1480: Use after free in Device API. Reported by @uwu7586 on 2022-03-17
- CVE-2022-1481: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-03-04
- CVE-2022-1482: Inappropriate implementation in WebGL. Reported by Christoph Diehl, Microsoft on 2022-03-10
- CVE-2022-1483: Heap buffer overflow in WebGPU. Reported by Mark Brand of Google Project Zero on 2022-04-08
According to Forbes, “Use after free” attacks continue to be the biggest threat to Chrome and have been employed 65 times in 2022.
Chrome also said they would: “retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
Once the update arrives, it will install automatically, but you can update yourself the moment it drops.
Related links:
