Google issues warning for 2 billion Chrome users
Google Chrome now has 2.65 billion users worldwide and holds 65% of the web browser market. But dominance attracts hackers' attention, and Google has now issued a new upgrade warning for all Chrome users around the world.
In an official blog post, Google revealed that 19 security vulnerabilities have been discovered in Chrome for Linux, macOS, and Windows. Specifically, Google states that five of these vulnerabilities pose a “high” security threat.
For now, Google is restricting information about these flaws. This is common practice to limit their spread and buy time for users to protect themselves. As a result, this is all Google is willing to disclose about the threats at this time:
- High – CVE-2021-37956: Use after free in Offline use. Reported by Huyna at Viettel Cyber Security on 2021-08-24
- High – CVE-2021-37957: Use after free in WebGPU. Reported by Looben Yang on 2021-08-23
- High – CVE-2021-37958: Inappropriate implementation in Navigation. Reported by James Lee (@Windowsrcer) on 2021-06-24
- High – CVE-2021-37959: Use after free in Task Manager. Reported by raven (@raid_akame) on 2021-07-15
- High – CVE-2021-37960: Inappropriate implementation in Blink graphics. Reported by Atte Kettunen of the OUSPG on 2021-09-07
It should be noted that three of the five threats are Use-After-Free (UAF) vulnerabilities. UAF has been a popular route to attack Chrome recently, and five other high-level security threats found in Chrome earlier this month all used this method. A UAF vulnerability arises from incorrect use of dynamic memory while a program is running: if the program does not clear a pointer to memory after that memory is freed, hackers can exploit the stale pointer.
To combat these new threats, all Chrome users should go to Settings > Help > About Google Chrome. If your browser version on Linux, macOS, or Windows is listed as 94.0.4606.54 or higher, you are safe. Google says this new, protected version of Chrome “will roll out over the next few days/weeks”, so you may not be able to protect yourself right away. If you can upgrade, you should do so and then restart your browser immediately.
Note: You are not safe until you complete the restart.
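A fleet check for the advice above, as an added example that is not from the article or from Google: it compares version strings numerically against the fixed build 94.0.4606.54 and separately flags hosts where the updated binary is on disk but an older process is still running. The inventory layout, the host names and every sample version other than 94.0.4606.54 are constructed assumptions.

```python
import re

FIXED = (94, 0, 4606, 54)  # fixed build named in the article

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(installed, running):
    """Classify one host from its on-disk and in-memory Chrome versions."""
    inst, run = parse_version(installed), parse_version(running)
    if inst is None:
        return "unknown"
    if inst < FIXED:  # tuple comparison is numeric, not lexicographic
        return "update-needed"
    # The binary on disk is fixed, but an old process may still be running.
    if run is not None and run < FIXED:
        return "restart-pending"
    return "patched"


# Constructed sample inventory (hypothetical layout):
# (host, installed version string, version of the running process or "")
SAMPLE_INVENTORY = [
    ("host-a", "Google Chrome 94.0.4606.54", "94.0.4606.54"),
    ("host-b", "Google Chrome 94.0.4606.54", "93.0.1000.1"),  # updated, not restarted
    ("host-c", "Google Chrome 93.0.1000.1", "93.0.1000.1"),
    ("host-d", "Google Chrome 94.0.4606.9", "94.0.4606.9"),   # 9 < 54 numerically
    ("host-e", "Google Chrome 100.0.0.0", ""),                # 100 > 94; not running
    ("host-f", "not installed", ""),
]


def report(inventory):
    """Map each host name to its patch status."""
    return {host: classify(inst, run) for host, inst, run in inventory}


if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Comparing the versions as plain strings would wrongly rank 94.0.4606.9 above 94.0.4606.54 and 100.x below 94.x, which is why each part is converted to an integer first.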
Chrome 94 marks a rapid acceleration in versions, and Google continues to step up its game when it comes to fixing Chrome attacks: ten zero-day hacks have already been fixed this year. That said, all that good work only pays off if the billions of Chrome users react quickly as well.
Now stop reading this article and update your browser.