Google Patches Dozens Of Vulnerabilities In Chrome, Update ASAP

By Lane Babuder, Hot Hardware

Another day another vulnerability. This one's a doozy, though. The Stable Channel for the desktop edition of Chrome had an update on April 26, 2022. That update includes no less than 30 security fixes, half a dozen of which are rated as "High" severity flaws.

The release notes for Google's Chrome v101.0.4951.41 for Windows, Mac, and Linux has a long list of bug fixes; you can view it here. However, there's also an interesting statement in that page.

"Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed."

Effectively the the non-developer translation of the quote above is that these are serious enough to keep the details hidden from the public to avoid bad actors pouncing on them with exploits. We can tell you a good portion of the bugs that have been published lately have to do with memory manipulation and memory overflow errors, a pretty popular way for malware developers to inject code into memory and allow for arbitrary execution, which is bad. It basically means someone could inject virus code into memory upon the exploitation of these bugs. It's too early to get into the weeds of these 30 bug fixes, though.

If you're among the billions running Chrome, we recommend updating immediately. If you're not sure how to update Chrome manually, just follow along here...

Once Chrome is open click on the three-dot menu at the top right of the browser, usually next to your profile picture or initial if you're logged into the browser. Then click on Settings, and in the left panel, click on About Chrome.

Doing so will automatically trigger the Check for Updates feature on the Chrome browser, and automatically download the update. Once downloaded it should present you with a Restart Chrome button, click it, and you're done. Pretty straightforward. You can also re-download the Chrome installer and perform a fresh install, as it always downloads the latest stable release of the software.



Comments

Post a Comment

Popular posts from this blog

FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks

Image
By Sergiu Gatlan,  Bleeping Computer Today, the FBI, CISA, and the Department of Health and Human Services (HHS) warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks. "ALPHV Blackcat affiliates have been observed primarily targeting the healthcare sector," the joint advisory cautions. Today's warning follows an April 2022 FBI flash alert and another advisory issued in December 2023 detailing the BlackCat cybercrime gang's activity since it surfaced in November 2021 as a suspected rebrand of the DarkSide and BlackMatter ransomware groups. The FBI linked BlackCat to over 60 breaches during its first four months of activity (between November 2021 and March 2022) and said the gang has raked in at least $300 million in ransoms from over 1,000 victims until September 2023. "Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized," the three federal agencies warned in today...
Read more

Nissan North America data breach impacts over 53,000 employees

Image
By Bill Toulas,  Bleeping Computer Nissan North America (Nissan) suffered a data breach last year when a threat actor targeted the company's external VPN and shut down systems to receive a ransom. The car maker discovered the breach in early November 2023 and discovered recently that the incident exposed personal data belonging to more than 53,000 current and former employees. “As shared during the Nissan Town Hall meeting on December 5, 2023, Nissan learned on November 7, 2023, that it was the victim of a targeted cyberattack. Upon learning of the attack, Nissan promptly notified law enforcement and began taking immediate actions to investigate, contain, and successfully terminate the threat,” the company said in a notification to impacted individuals. Nissan disclosed that the threat actor targeted its external VPN and then shut down certain company systems before asking for a ransom. The company notes that none of its systems were encrypted during the attack. Working with extern...
Read more

Why Your VPN May Not Be As Secure As It Claims

Image
By Krebs On Security Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user. When a device initially tries to connect to a network, it broadcasts a message to the entire local network stating that it is requesting an Internet address. Normally, the only system on the network that notices this request and replies is the router responsible for managing the network to which the user is trying to connect. The machine on a network responsible for fielding these requests is called a Dynamic Host Configuration Protocol (DHCP) server, which will issue time-based leases for IP addresses. The DHCP server also takes care of setting a specific local address — known ...
Read more