Google issues warning for 2 billion Chrome users

Google Chrome users, this is high alert time. Following a record number of attacks last year, 2022 has started with an even bigger bang, and Google has now issued its second serious January update warning to the browser’s two billion users.

Google made the announcement in a new blog post, revealing that 26 new security vulnerabilities have been discovered in Chrome just two weeks after the company reported 37 exploits. Google says 16 of these vulnerabilities pose a “high” level of threat to users, while another is rated as extremely dangerous. Linux, macOS, and Windows users are all affected and you should take immediate action.

Google is limiting information about the new attacks to buy Chrome users time, but the company has confirmed the areas targeted by the new threats. The critical and high-level threats are listed below:

  • Critical – CVE-2022-0289: Use after free in Safe Browsing. Reported by Sergei Glazunov of Google Project Zero on 2022-01-05
  • High – CVE-2022-0290: Use after free in Site Isolation. Reported by Brendon Tiszka and Sergei Glazunov of Google Project Zero on 2021-10-15
  • High – CVE-2022-0291: Improper implementation in Storage. Reported by Anonymous on 2021-12-19
  • High – CVE-2022-0292: Improper implementation in Fenced Frames. Reported by Brendon Tiszka on 2021-11-16
  • High – CVE-2022-0293: Use after free in Web Packaging. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-12-30
  • High – CVE-2022-0294: Improper implementation in Push Messaging. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-11-23
  • High – CVE-2022-0295: Use after free in Omnibox. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2021-12-09
  • High – CVE-2022-0296: Use after free in Printing. Reported by koocola (@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2021-12-30
  • High – CVE-2022-0297: Use after free in Vulkan. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-11-28
  • High – CVE-2022-0298: Use after free in Scheduling. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-25
  • High – CVE-2022-0300: Use after free in Text Input Method Editor. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 12/01/2021
  • High – CVE-2022-0301: Buffer overflow in DevTools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-12-03
  • High – CVE-2022-0302: Use after free in Omnibox. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2021-12-10
  • High – CVE-2022-0303: Race in GPU Watchdog. Reported by Yiğit Can YILMAZ (@yilmazcanyigit) on 2021-12-22
  • High – CVE-2022-0304: Use after free in Bookmarks. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-12-22
  • High – CVE-2022-0305: Improper implementation in Service Worker API. Reported by @uwu7586 on 2021-12-23
  • High – CVE-2022-0306: Heap buffer overflow in PDFium. Reported by Sergei Glazunov of Google Project Zero on 2021-12-29

‘Use-After-Free’ (UAF) exploits again prove to be the weapon of choice for hackers, with eight others recorded here. This brings the total number of successful UAF attacks on Chrome to nearly 60 since September. UAF vulnerabilities are memory bugs that arise when a program fails to clear the pointer to memory after it is freed.

Heap buffer overflow flaws also remain on the radar, but with fewer hacks than in recent months. Heap buffer overflows are also called “heap smashing”; heap memory is dynamically allocated and usually contains program data. With an overflow, critical data structures can be overwritten, making it an ideal target for hackers.

Unusually, Google also found a number of “improper implementation” flaws that can be exploited in Chrome’s Storage, Fenced Frames, Push Messaging and Service Worker API.

What you need to do

In response to these threats, Google released a new version of Chrome 97 (specifically 97.0.4692.99) for all users. Google states that the version “will be rolling out over the next few days/weeks”, so it’s important to know that you might not be able to protect yourself immediately.

To check if you are protected, go to Settings > Help > About Google Chrome. If your Chrome browser is listed as 97.0.4692.71 or higher, you are safe. If the update is not installed or listed as available for your browser, check regularly for the new version. Above all, once you have updated, restart your browser. You are not protected until this is done.
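For anyone checking more than one machine, the same check can be scripted. The sketch below is an added example, not code from Google or from this article: it takes the patched build 97.0.4692.99 named above as the threshold, compares versions numerically, and treats an updated but not yet restarted browser as still unprotected. The host names and inventory rows are constructed sample data.

```python
# Added example: inventory records below are constructed sample data.
FIXED_BUILD = "97.0.4692.99"  # patched Chrome build named in the article


def parse_version(text):
    """Turn '97.0.4692.99' into (97, 0, 4692, 99) for numeric comparison."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)


def status(installed, running, fixed=FIXED_BUILD):
    """Classify one endpoint.

    installed: version on disk; running: version of the live browser process.
    """
    try:
        inst = parse_version(installed)
        run = parse_version(running)
        need = parse_version(fixed)
    except ValueError:
        return "unknown"           # unparseable data is never reported as safe
    if inst < need:
        return "update-needed"     # the fix is not on the machine yet
    if run < need:
        return "restart-needed"    # fix installed, old process still running
    return "patched"


# Constructed inventory: (host, installed version, running version)
SAMPLE = [
    ("ws-01", "96.0.4664.110", "96.0.4664.110"),
    ("ws-02", "97.0.4692.99", "96.0.4664.110"),
    ("ws-03", "97.0.4692.99", "97.0.4692.99"),
    ("ws-04", "97.0.4692.100", "97.0.4692.100"),  # sorts below .99 as a string
    ("ws-05", "97.0.4692", "n/a"),
]


def report(rows=SAMPLE):
    """Map each host to its patch state."""
    return {host: status(inst, run) for host, inst, run in rows}


if __name__ == "__main__":
    for host, state in report().items():
        print(f"{host}: {state}")
```

Comparing the raw strings would rank 97.0.4692.100 below 97.0.4692.99, which is why each component is converted to an integer first.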

Chrome hacks in 2022 are already ahead of where they were in early 2021, and that was a banner year. Keeping your browser up to date has never been more important. Check it now.
