Google Confirms ‘Critical’ New Chrome Hack, Issues Urgent Fix

Chrome users, you need to take action. Google has warned there are multiple fresh high-level vulnerabilities in its browser, including one it deems to be ‘ Critical ’. This is what you need to know to stay safe .

A new zero-day high threat level hack has been found in Google Chrome

LIGHTROCKET VIA GETTY IMAGES

Google issued the admonition in an official web log post, confirming 11 raw hacks, nine of which it deems to be high-level threats in addition to the Critical overwork mentioned above. Chrome users running Windows, macOS and Linux are all vulnerable .

As is criterion drill, Google is presently limiting information about the modern hacks in an undertake to buy time for Chrome users to upgrade. That said, the company has listed where the successful exploits have taken topographic point and it forms a familiar model. I have listed the 10 most good below :

  • Critical – CVE-2022-0971: Use after free in Blink Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-02-21
  • High – CVE-2022-0972: Use after free in Extensions. Reported by Sergei Glazunov of Google Project Zero on 2022-02-28
  • High – CVE-2022-0973: Use after free in Safe Browsing. Reported by avaue and Buff3tts at S.S.L. on 2022-02-15
  • High – CVE-2022-0974 : Use after free in Splitscreen. Reported by @ginggilBesel on 2022-01-28
  • High – CVE-2022-0975: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-02-09
  • High – CVE-2022-0976: Heap buffer overflow in GPU. Reported by Omair on 2022-02-13
  • High – CVE-2022-0977: Use after free in Browser UI. Reported by Khalil Zhani on 2022-02-20
  • High – CVE-2022-0978: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-02-20
  • High – CVE-2022-0979: Use after free in Safe Browsing. Reported by anonymous on 2022-03-03
  • Medium – CVE-2022-0980: Use after free in New Tab Page. Reported by Krace on 2022-03-02

‘ Use-After-Free ’ ( UAF ) exploits have systematically been the most successful room to hack Chrome, but things have stepped up another level here with nine of the 11 hacks using this method acting. There have now been 40 UAF hacks of Chrome since the startle of 2022. UAF vulnerabilities are memory exploits created when a program fails to clear the pointer to the memory after it is freed .

The second gear most popular route is via a Heap buffer overflow exploit and this makes up the remaining attack. besides referred to as ‘ Heap Smashing ’, memory on the pile is dynamically allocated and typically contains program data. With an overflow, critical data structures can be overwrite which makes it an ideal target for hackers .
The good news, however, is Google has found no newly Zero-Day vulnerabilities ( when a hacker is able to exploit a vulnerability before a fasten is found ). That said, Google recently warned zero-day hacks are rising .
To combat these new threats, Google has released Chrome 99.0.4844.74 ( Chrome 100 is coming soon ). Google says the update “ will roll out over the coming days/weeks ” .
To check if your browser is protected, navigate to Settings > Help > About Google Chrome. This will tell you your browser version. If the update is not yet available for your browser, check back regularly. And remember, you are not protected until your browser has been restarted. thus make this the very adjacent thing you do .

Chrome must be restarted before you are protected

Google

___
Follow Gordon on Facebook

More On Forbes

New Edge, Firefox, Chrome ‘ 100 ’ Updates Will Break Some Websites
Android 13 Beta Code Reveals Two New Google Pixel Smartphones

Leave a Reply

Your email address will not be published.