Google releases critical security update for Chrome that fixes a 0-day vulnerability
Google released a new security update for its Chrome web browser that fixes several security vulnerabilities in the browser. One of the security vulnerabilities is exploited in the wild, another received the highest severity rating of critical.
The update is being pushed out to all Chrome installations worldwide. It may take some time, days or even weeks, before the updates become available through the automatic update feature of the Chrome browser.
Desktop users may run manual checks for updates to protect their browser installations right away.
Select Menu > Help > About Google Chrome, or load chrome://settings/help to open the update page. Chrome displays the installed version, runs a check for updates, and will download and install any new version of the browser that it finds.
The fully updated desktop version is 96.0.4664.110. Android users can't force a manual check of the browser on their devices, as this is exclusively managed by Google Play.
The vulnerabilities
Google lists five vulnerabilities that are fixed by the Chrome update on the official Releases Blog:
- [$NA][1263457] Critical CVE-2021-4098: Insufficient data validation in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-10-26
- [$5000][1270658] High CVE-2021-4099: Use after free in Swiftshader. Reported by Aki Helin of Solita on 2021-11-16
- [$5000][1272068] High CVE-2021-4100: Object lifecycle issue in ANGLE. Reported by Aki Helin of Solita on 2021-11-19
- [$TBD][1262080] High CVE-2021-4101: Heap buffer overflow in Swiftshader. Reported by Abraruddin Khan and Omair on 2021-10-21
- [$TBD][1278387] High CVE-2021-4102: Use after free in V8. Reported by Anonymous on 2021-12-09
The vulnerability with the ID CVE-2021-4102 is exploited in the wild according to Google. The security issue is a use after free in Chrome's JavaScript engine V8. Use after free vulnerabilities can often be exploited to run arbitrary code on target machines. The scope of attacks that exploit the vulnerability has not been revealed by Google.
Chrome users are advised to update their browsers as soon as possible to protect them against potential attacks.
Google released a security update for Chrome 96 just last week. The company has patched 16 zero-day vulnerabilities in Chrome in 2021. Makers of other Chromium-based browsers may release security updates for their products as well to address these issues.
Now You: when do you update your browsers and other programs?
Opera is still better, faster than Chrome
No Chrome anymore. JUST NO!
Moving to firefox until chrome gets their act together if ever
chrome is pathetic with their updates. Moving to firefox!
Brave for Android Updated:
Currently available from Google Play:
* Brave (Android) version: 1.33.106
(Chromium version: 96.0.4664.110)
Unfortunately, at the time of posting this, no update is available (via Google Play) from Kiwi Browser.
I’m sure they’re saving some particularly bad zero days for right after manifest v2 is removed from Chrome.
More vulnerabilities, what a year it's been for Chrome. Will it get any worse?
Yes, they are going to need a bigger spreadsheet just for the zero-day in the wild ones
– https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=2129022708
chrome|ium is so insecure, you should avoid it and use Firefox
@Anonymous
> chrome|ium is so insecure, you should avoid it and use Firefox
> Firefox
> security
Please choose one, can’t have both:
https://madaidans-insecurities.github.io/firefox-chromium.html
@Iron Heart: and you still promote a Chrom-derived browser
And he still cannot think of anything better than obtusely spamming an outdated article, which he does not even understand what is written about.
Half that zero-day are solved! ;)
> Half that zero-day are solved! ;)
only half? that’s a bit shit
An interesting news that has to do with Chrome, it looks like Google will replace Chrome’s downloads bar with a bubble and a downloads button on the toolbar (much like how it works in Edge):
https://redd.it/rfxkfa
I installed Brave after long time on my android – all 200 MB of installation file three days ago. Then an update appeared on Aurora Store yesterday. Now this update again – fair to say there’s no end to this.