Written by
Jonathan Greig, Staff Writer
Jonathan Greig
Staff Writer
Jonathan Greig is a journalist based in New York City.
Full Bio
on January 5, 2022
| Topic: Google
Google rolled out an update for Chrome this week on Windows, Mac and Linux that included 37 security fixes, one of which was rated critical.
Google Chrome’s Prudhvikumar Bommana thanked dozens of security researchers for helping them find bugs, many of which were given a high severity rating.
Chrome 97.0.4692.71 includes fixes for CVE-2022-0096 — a critical use-after-free (UAF) vulnerability — as well as other UAFs like CVE-2022-0098, CVE-2022-0099, CVE-2022-0103, CVE-2022-0105 and CVE-2022-0106. There are also three heap buffer overflow issues rated high severity.
Google did not say if exploits exist for any of the vulnerabilities but BreachQuest CTO Jake Williams said he was not aware that any of these vulnerabilities are being actively exploited in the wild.
Most home users will receive updates automatically, Williams noted. But he explained that enterprise users who lack administrative permissions on their machines will rely on systems administrators to push an update.
In October, Google fixed two previously unknown, high-severity zero-day flaws in a Chrome update for for Windows, Mac and Linux. Exploits for both were found in the wild, according to Google.
Google patched at least 14 zero-days in 2021.
Viakoo CEO Bud Broomhead said it is notable that stable channel releases are now focused on fixing cyber vulnerabilities more than delivering new functionality.
“Stable is now becoming ‘cyber safe to use’ as opposed to ‘won’t crash your machine,’ a meaningful difference with the onslaught of cyber vulnerabilities,” Broomhead said.
Security
The biggest data breaches, hacks of 2021
Copycat and fad hackers will be the bane of supply chain security in 2022
Security will be priority #1 for Linux and open-source developers this year
The 5 best VPN services in 2022
Security
|
Cloud
|
Mobility
|
Enterprise Software
|
Artificial Intelligence
|
Hardware