A security update for Google Chrome 96 is out

Martin Brinkmann
Dec 7, 2021
Updated • Dec 7, 2021

Google released an update for Google Chrome 96, the company's web browser, today for all supported desktop operating systems and for the company's Android platform.

The new version of Google Chrome is a security update that patches 20 different security issues, many of which are rated high, the second-highest rating after critical.

Chrome updates are rolled out automatically on all supported platforms by default. Desktop users may speed up the discovery of the new update by selecting Menu > Help > About Google Chrome, or by loading chrome://settings/help directly. The page that opens lists the version of the browser that is currently installed, and it runs a check for updates to download and install the latest version of the browser.

Android users may open the page as well, but the download of updates is powered by Google Play, which means that updates can't be expedited this way.

The Chrome releases blog lists all security issues that were reported by external researchers. Most were reported to Google in November, some in October and one in August of 2021.

[$15000][1267661] High CVE-2021-4052: Use after free in web apps. Reported by Wei Yuan of MoyunSec VLab on 2021-11-07

[$10000][1267791] High CVE-2021-4053: Use after free in UI. Reported by Rox on 2021-11-08

[$5000][1239760] High CVE-2021-4054: Incorrect security UI in autofill. Reported by Alesandro Ortiz on 2021-08-13

[$1000][1266510] High CVE-2021-4055: Heap buffer overflow in extensions. Reported by Chen Rong on 2021-11-03

[$TBD][1260939] High CVE-2021-4056: Type Confusion in loader. Reported by @__R0ng of 360 Alpha Lab on 2021-10-18

[$TBD][1262183] High CVE-2021-4057: Use after free in file API. Reported by Sergei Glazunov of Google Project Zero on 2021-10-21

[$TBD][1267496] High CVE-2021-4058: Heap buffer overflow in ANGLE. Reported by Abraruddin Khan and Omair on 2021-11-06

[$TBD][1270990] High CVE-2021-4059: Insufficient data validation in loader. Reported by Luan Herrera (@lbherrera_) on 2021-11-17

[$TBD][1271456] High CVE-2021-4061: Type Confusion in V8. Reported by Paolo Severini on 2021-11-18

[$TBD][1272403] High CVE-2021-4062: Heap buffer overflow in BFCache. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-11-22

[$TBD][1273176] High CVE-2021-4063: Use after free in developer tools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-11-23

[$TBD][1273197] High CVE-2021-4064: Use after free in screen capture. Reported by @ginggilBesel on 2021-11-23

[$TBD][1273674] High CVE-2021-4065: Use after free in autofill. Reported by 5n1p3r0010 on 2021-11-25

[$TBD][1274499] High CVE-2021-4066: Integer underflow in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2021-11-29

[$TBD][1274641] High CVE-2021-4067: Use after free in window manager. Reported by @ginggilBesel on 2021-11-29

[$500][1265197] Low CVE-2021-4068: Insufficient validation of untrusted input in new tab page. Reported by NDevTK on 2021-10-31
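The entries above share one line format (bounty, bug ID, severity, CVE, bug class "in" component, reporter, report date), so they can be parsed and tallied for patch triage. This is an added example, not part of the original article; the function names and the `MEMORY_CORRUPTION` grouping are this example's own assumptions.

```python
import re
from collections import Counter

# Entries copied from the list above (externally reported issues only).
RELEASE_NOTES = """\
[$15000][1267661] High CVE-2021-4052: Use after free in web apps. Reported by Wei Yuan of MoyunSec VLab on 2021-11-07
[$10000][1267791] High CVE-2021-4053: Use after free in UI. Reported by Rox on 2021-11-08
[$5000][1239760] High CVE-2021-4054: Incorrect security UI in autofill. Reported by Alesandro Ortiz on 2021-08-13
[$1000][1266510] High CVE-2021-4055: Heap buffer overflow in extensions. Reported by Chen Rong on 2021-11-03
[$TBD][1260939] High CVE-2021-4056: Type Confusion in loader. Reported by @__R0ng of 360 Alpha Lab on 2021-10-18
[$TBD][1262183] High CVE-2021-4057: Use after free in file API. Reported by Sergei Glazunov of Google Project Zero on 2021-10-21
[$TBD][1267496] High CVE-2021-4058: Heap buffer overflow in ANGLE. Reported by Abraruddin Khan and Omair on 2021-11-06
[$TBD][1270990] High CVE-2021-4059: Insufficient data validation in loader. Reported by Luan Herrera (@lbherrera_) on 2021-11-17
[$TBD][1271456] High CVE-2021-4061: Type Confusion in V8. Reported by Paolo Severini on 2021-11-18
[$TBD][1272403] High CVE-2021-4062: Heap buffer overflow in BFCache. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-11-22
[$TBD][1273176] High CVE-2021-4063: Use after free in developer tools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-11-23
[$TBD][1273197] High CVE-2021-4064: Use after free in screen capture. Reported by @ginggilBesel on 2021-11-23
[$TBD][1273674] High CVE-2021-4065: Use after free in autofill. Reported by 5n1p3r0010 on 2021-11-25
[$TBD][1274499] High CVE-2021-4066: Integer underflow in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2021-11-29
[$TBD][1274641] High CVE-2021-4067: Use after free in window manager. Reported by @ginggilBesel on 2021-11-29
[$500][1265197] Low CVE-2021-4068: Insufficient validation of untrusted input in new tab page. Reported by NDevTK on 2021-10-31
"""
ENTRY = re.compile(
    r"\[\$(?P<bounty>\d+|TBD)\]\[(?P<bug>\d+)\]\s+(?P<severity>\w+)\s+"
    r"(?P<cve>CVE-\d{4}-\d+):\s+(?P<summary>.+?)\.\s+"
    r"Reported by (?P<reporter>.+) on (?P<date>\d{4}-\d{2}-\d{2})$"
)
# Assumption of this example: which bug classes count as memory corruption.
MEMORY_CORRUPTION = ("use after free", "heap buffer overflow",
                     "type confusion", "integer underflow")

def parse_entries(text):
    """Return one dict per well-formed entry; malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            e = m.groupdict()
            # "Use after free in web apps" -> class "Use after free", component "web apps"
            e["bug_class"], _, e["component"] = e["summary"].partition(" in ")
            entries.append(e)
    return entries

def summarize(entries):
    """Tally severity, report month, and memory-corruption bug classes."""
    return {
        "severity": Counter(e["severity"] for e in entries),
        "month": Counter(e["date"][:7] for e in entries),
        "memory_corruption": sum(e["bug_class"].lower() in MEMORY_CORRUPTION for e in entries),
    }
```
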

No critical rating has been assigned, but most issues are rated as high. The issues don't seem to be exploited in the wild, as Google usually mentions that in the release announcement.

The Android version includes stability and performance updates according to Google. It is unclear if security issues were patched in the Android version as well; none are mentioned on the release blog post.

Most Chromium-based browsers are affected by at least some of these vulnerabilities as well. Expect other browsers, such as Microsoft Edge or Brave, to release security updates that address the issues soon.

Now You: When do you update your browsers?


Comments

  1. Derek Clements said on December 12, 2021 at 5:19 am

    Brave for Android:
    At the time of writing this comment:
    * Brave version 1.32.115 (based on Chromium 96.0.4664.93) is currently available from the Google Play store.
    * Release notes at https://brave.com/latest/ have not yet been updated to reflect this.

  2. Sebas said on December 7, 2021 at 5:06 pm

    I disabled it on Android and use the Samsung browser, which is pretty good nowadays, with Adguard extension and Blokada.

    Ages ago I uninstalled Chrome. I remember when it first came out it was a great fast browser on XP and Millennium. IE6 was a nice virus enabler, Firefox was insanely slow on my stone age laptop, but with Chrome I could go to… the internet again.

    1. m3city said on December 7, 2021 at 11:31 pm

      @Sebas
      Isn’t Samsung Browser based on chromium?

      1. Sebas said on December 12, 2021 at 2:03 am

        @ m3city Yes it is.

  3. ULBoom said on December 7, 2021 at 3:00 pm

    “When do you update your browsers?”

    Just set up three android phones and one of the first things I did before installing sims or going online was disabling Chrome. I have one stripped out Chromium on desktop that’s updated whenever, even that is severely junked out these days. Chrome and Chredge are banned.

    I mean, C’mon, Android 12 is 13 GB? Why? It takes an hour to disable all the crapware in it. Same with iOS except even more junkware. The better CPU’s get, the crummier so called OS’s get.

    I’m a bit amazed that the mass of users put up with all the ads and nagging in mainstream devices. This is what now passes for entertainment?

  4. chesscanoe said on December 7, 2021 at 1:00 pm

    I update the stable version of a browser within 24 hours of its release. Lately I have not had time to explore beta versions.

  5. Safety Pelican 365 said on December 7, 2021 at 11:53 am

    you know your chrome is secure when you see large amounts of High CVEs every release. This release there’s only 15

    1. Iron Heart said on December 7, 2021 at 12:50 pm

      @Pelican-Man

      Your browser: 3% market share

      Chromium, mostly Chrome: 80% market share

      Guess who is the most attractive target, guess who gets more scrutiny…

      1. m3city said on December 7, 2021 at 11:29 pm

        @Iron Heart
        The thing you imply by comparing market share is generally correct, however….

        Check out that list:
        https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/

        An overall number of CVE is similar, just 6 high, 5 moderate, 2 low. We may bet that in the next batch of FF/Chrome roles may be opposite, or one of it may double the other. It just shows, that both browsers are similar in that regard. Both have vulnerabilities. And both get them fixed, even with sooo disproportional resources. And I draw my personal conclusion on that as well.

      2. Safety Pelican 365 said on December 7, 2021 at 5:24 pm

        I can assure you Safari has more than 3% share. I fail to see why you think chromium is more secure. You are not a security expert, security is a many layered thing and trying to compare them in totality and state one is better than the other just shows you are ignorant

      3. Iron Heart said on December 7, 2021 at 9:16 pm

        @Safety-Man

        > I can assure you Safari has more than 3% share

        Yeah, but Safari is not your browser, buddy. You are constantly shilling for Firefox.

        > I fail to see why you think chromium is more secure. You are not a security expert, security is a many layered thing and trying to compare them in totality and state one is better than the other just shows you are ignorant

        Compare the many layers then:

        https://madaidans-insecurities.github.io/firefox-chromium.html

        Can’t wait for your results, mate. Chromium is undisputedly more secure.

      4. Anonymous said on December 7, 2021 at 7:18 pm

        welp chromium is open source no?whats that word again, the thing about bug found faster fixed faster equal to more “secure” stuff. i thought that what it supposed to be…so this is good no? unless open sourcing stuff doesnt make it any diff at all.

  6. FileMagoot said on December 7, 2021 at 11:51 am

    I hate Chrome.

    I use it for streaming news TV only, nothing else.

    It never updates, I just get the common update error and I have to run the installer every time.

    What a piece of turd ware.

    1. iron fanboi said on December 8, 2021 at 6:30 am

      https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=2129022708

      we’re going to need a bigger spreadsheet for chrome|ium’s zero days in the wild
