Зарегистрируйтесь сейчас для лучшей персонализированной цитаты!

Time to update: Google Chrome 102 arrives with 32 security fixes, one critical

26 мая 2022 года Hi-network.com
Image: Shutterstock

Google has released stable Chrome version 102 with 32 security fixes for browser on Windows, Mac and Linux. 

Chrome 102 for the desktop includes 32 security fixes reported to Google by external researchers. There's one critical flaw, while eight are high severity, nine are medium severity, and seven are low severity. Google also creates other fixes for issues found through internal testing. Google says in a blogpost this release will be rolled out in the coming days.

Google

  • Every product unveiled at the Made by Google event: Pixel 8 Pro, Watch 2, Assistant, more
  • Pixel 8 Pro vs. Pixel 7 Pro: Is it worth the upgrade?
  • Your Pixel Buds Pro are getting a major software upgrade, and it's totally free
  • How to preorder the Google Pixel 8, Pixel Watch 2, and Pixel Buds Pro now
  • ChatGPT vs. Bing Chat vs. Google Bard: Which is the best AI chatbot?

The critical flaw, labelled as CVE-2022-1853, is a 'use after free in IndexedDB', an interface for applications to store data in a user's browser.    

SEE:Cloud computing security: New guidance aims to keep your data safe from cyberattacks and breaches

Google hasn't provided details about the bug, but security firm Malwarebytes explains that the IndexedDB interface allows for the storage of large amounts of structured data, including files. Each IndexedDB is a database that is unique to an origin, such as a site domain or subdomain, where access should be restricted to that origin. 

"My guess is that an attacker could construct a specially crafted website and take over the visitor's browser by manipulating the IndexedDB," says Pieter Arntz, a malware intelligence researcher at Malwarebytes.  

None of the flaws fixed in this Chrome 102 stable release were zero days, meaning flaws that were exploited before Google released a patch for it. 

Google in late April released stable version 101 with 29 fixes found by external researchers. Again, none of them were zero days. But earlier that month it released a fix for a zero-day flaw in Chrome, adding to its count of known zero-day flaws for Chrome. 

Google's Project Zero (GPZ) team last year counted 58 zero-day exploits for popular software in 2021. Twenty-five of these were in browsers, of which 14 affected Chrome. Google engineers argue zero-day counts are rising because vendors are improving detection, fixes and disclosure. However, GPZ researchers argue the industry as a whole is not making zero days hard enough for attackers, who often rely on tweaking existing flaws rather than being forced to conjure up entirely new exploitation methods.

Chrome 102 is an extended stable release for Windows and Mac for enterprise customers. Normally Chrome is updated every four weeks, but the extended release gains an additional four weeks by Google back-porting important security fixes to it. An extended stable release is updated every eight weeks.

Security

8 habits of highly secure remote workersHow to find and remove spyware from your phoneThe best VPN services: How do the top 5 compare?How to find out if you are involved in a data breach -- and what to do next
  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

tag-icon Горячие метки: Технологии и оборудование Безопасность и охрана

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.