A new zero-day high threat level hack has been found in Google Chrome
LIGHTROCKET VIA GETTY IMAGES
Google issued the admonition in an official web log post, confirming 11 raw hacks, nine of which it deems to be high-level threats in addition to the Critical overwork mentioned above. Chrome users running Windows, macOS and Linux are all vulnerable .
As is criterion drill, Google is presently limiting information about the modern hacks in an undertake to buy time for Chrome users to upgrade. That said, the company has listed where the successful exploits have taken topographic point and it forms a familiar model. I have listed the 10 most good below :
Read more: A Few Thoughts on Cryptographic Engineering
- Critical – CVE-2022-0971: Use after free in Blink Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-02-21
- High – CVE-2022-0972: Use after free in Extensions. Reported by Sergei Glazunov of Google Project Zero on 2022-02-28
- High – CVE-2022-0973: Use after free in Safe Browsing. Reported by avaue and Buff3tts at S.S.L. on 2022-02-15
- High – CVE-2022-0974 : Use after free in Splitscreen. Reported by @ginggilBesel on 2022-01-28
- High – CVE-2022-0975: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-02-09
- High – CVE-2022-0976: Heap buffer overflow in GPU. Reported by Omair on 2022-02-13
- High – CVE-2022-0977: Use after free in Browser UI. Reported by Khalil Zhani on 2022-02-20
- High – CVE-2022-0978: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-02-20
- High – CVE-2022-0979: Use after free in Safe Browsing. Reported by anonymous on 2022-03-03
- Medium – CVE-2022-0980: Use after free in New Tab Page. Reported by Krace on 2022-03-02
‘ Use-After-Free ’ ( UAF ) exploits have systematically been the most successful room to hack Chrome, but things have stepped up another level here with nine of the 11 hacks using this method acting. There have now been 40 UAF hacks of Chrome since the startle of 2022. UAF vulnerabilities are memory exploits created when a program fails to clear the pointer to the memory after it is freed .
The second gear most popular route is via a Heap buffer overflow exploit and this makes up the remaining attack. besides referred to as ‘ Heap Smashing ’, memory on the pile is dynamically allocated and typically contains program data. With an overflow, critical data structures can be overwrite which makes it an ideal target for hackers .
The good news, however, is Google has found no newly Zero-Day vulnerabilities ( when a hacker is able to exploit a vulnerability before a fasten is found ). That said, Google recently warned zero-day hacks are rising .
To combat these new threats, Google has released Chrome 99.0.4844.74 ( Chrome 100 is coming soon ). Google says the update “ will roll out over the coming days/weeks ” .
To check if your browser is protected, navigate to Settings > Help > About Google Chrome. This will tell you your browser version. If the update is not yet available for your browser, check back regularly. And remember, you are not protected until your browser has been restarted. thus make this the very adjacent thing you do .
Chrome must be restarted before you are protected
___
Follow Gordon on Facebook
More On Forbes
New Edge, Firefox, Chrome ‘ 100 ’ Updates Will Break Some Websites
Android 13 Beta Code Reveals Two New Google Pixel Smartphones