Chrome 97 update fixes 26 vulnerabilities (1 critical)

Martin Brinkmann
Jan 20, 2022

Google released a new version of its Chrome web browser to the public. The new version of the web browser, Chrome 97.0.4692.99, is a security update that addresses 26 different issues in the browser, including one rated critical. Chrome Extended Stable has been updated as well to address the issues.


The Extended Stable channel is updated to a new milestone release every 8 weeks. It is designed mainly for organizations and Enterprise customers, but it is available to everyone.

Chrome 97.0.4692.99 and Chrome 96.0.4664.174 are already available. Google rolls out new versions over the course of days and weeks through Chrome's automatic updating functionality.

Chrome users who want the updates early can run manual checks for updates. All it takes is to select Menu > Help > About Google Chrome to start the process. Chrome displays the current version and runs a check for updates. The browser should pick up the new version during the scan to download and install it. A restart is required to complete the process.
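For administrators who need to check many machines rather than one About page, the following added example (not from the article or from Google) classifies reported version strings against the two fixed builds named above. The host names and inventory are constructed, and treating milestones newer than 97 as patched is an assumption.

```python
# Added example: audit Chrome version strings against the fixed builds
# named in the article (97.0.4692.99 and 96.0.4664.174).

# Fixed build per milestone (major version), taken from the article.
FIXED_BUILDS = {
    97: (97, 0, 4692, 99),
    96: (96, 0, 4664, 174),
}

def parse_version(text: str) -> tuple[int, ...]:
    """Parse 'MAJOR.MINOR.BUILD.PATCH' into ints; raise ValueError otherwise."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def status(version_text: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"  # unparseable input is surfaced, never assumed safe
    major = version[0]
    if major > max(FIXED_BUILDS):
        return "patched"  # assumption: later milestones carry the fixes
    fixed = FIXED_BUILDS.get(major)
    if fixed is None:
        return "vulnerable"  # older milestone with no fixed build listed
    # Compare as integer tuples: as strings, "…4692.100" sorts below "…4692.99".
    return "patched" if version >= fixed else "vulnerable"

def audit(inventory):
    """Group host names by status for an iterable of (host, version) pairs."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, version_text in inventory:
        report[status(version_text)].append(host)
    return report

# Constructed inventory for illustration; hosts and most builds are made up.
SAMPLE_INVENTORY = [
    ("host-a", "97.0.4692.99"),
    ("host-b", "97.0.4692.71"),
    ("host-c", "97.0.4692.100"),
    ("host-d", "96.0.4664.174"),
    ("host-e", "96.0.4664.110"),
    ("host-f", "Chrome 97"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```
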

Blog posts on the Chrome Releases blog list all externally reported security issues that Google addressed in the Chrome update. One vulnerability, CVE-2022-0289, is rated critical, the highest severity rating.

[$NA][1284367] Critical CVE-2022-0289: Use after free in Safe browsing. Reported by Sergei Glazunov of Google Project Zero on 2022-01-05

[$20000],[NA][1260134][1260007] High CVE-2022-0290: Use after free in Site isolation. Reported by Brendon Tiszka and Sergei Glazunov of Google Project Zero on 2021-10-15

[$20000][1281084] High CVE-2022-0291: Inappropriate implementation in Storage. Reported by Anonymous on 2021-12-19

[$17000][1270358] High CVE-2022-0292: Inappropriate implementation in Fenced Frames. Reported by Brendon Tiszka on 2021-11-16

[$15000][1283371] High CVE-2022-0293: Use after free in Web packaging. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-12-30

[$10000][1273017] High CVE-2022-0294: Inappropriate implementation in Push messaging. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-11-23

[$10000][1278180] High CVE-2022-0295: Use after free in Omnibox. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2021-12-09

[$7000][1283375] High CVE-2022-0296: Use after free in Printing. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2021-12-30

[$5000][1274316] High CVE-2022-0297: Use after free in Vulkan. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-11-28

[$TBD][1212957] High CVE-2022-0298: Use after free in Scheduling. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-25

[$TBD][1275438] High CVE-2022-0300: Use after free in Text Input Method Editor. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-12-01

[$NA][1276331] High CVE-2022-0301: Heap buffer overflow in DevTools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-12-03

[$TBD][1278613] High CVE-2022-0302: Use after free in Omnibox. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2021-12-10

[$TBD][1281979] High CVE-2022-0303: Race in GPU Watchdog. Reported by Yiğit Can YILMAZ (@yilmazcanyigit) on 2021-12-22

[$TBD][1282118] High CVE-2022-0304: Use after free in Bookmarks. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-12-22

[$TBD][1282354] High CVE-2022-0305: Inappropriate implementation in Service Worker API. Reported by @uwu7586 on 2021-12-23

[$NA][1283198] High CVE-2022-0306: Heap buffer overflow in PDFium. Reported by Sergei Glazunov of Google Project Zero on 2021-12-29

[$2000][1281881] Medium CVE-2022-0307: Use after free in Optimization Guide. Reported by Samet Bekmezci @sametbekmezci on 2021-12-21

[$2000][1282480] Medium CVE-2022-0308: Use after free in Data Transfer. Reported by @ginggilBesel on 2021-12-24

[$TBD][1240472] Medium CVE-2022-0309: Inappropriate implementation in Autofill. Reported by Alesandro Ortiz on 2021-08-17

[$TBD][1283805] Medium CVE-2022-0310: Heap buffer overflow in Task Manager. Reported by Samet Bekmezci @sametbekmezci on 2022-01-03

[$TBD][1283807] Medium CVE-2022-0311: Heap buffer overflow in Task Manager. Reported by Samet Bekmezci @sametbekmezci on 2022-01-03

Google does not seem to be aware of attacks targeting any of the vulnerabilities, as it usually reveals if that is the case in the blog posts on the Chrome Releases blog.

You can check out the Stable and Extended Channel announcements by following the links.

Now You: when do you update your browsers?

Publisher
Ghacks Technology News

Comments

  1. Derek Clements said on January 22, 2022 at 4:08 am

    Brave for Desktop now upgraded to Chromium version 97.0.4692.99:

    https://brave.com/latest/

    Brave for Android still stuck out in the cold and lonely at the earlier vulnerable version.

  2. Leland said on January 20, 2022 at 10:40 pm

    Hi Martin. I couldn’t help but notice Google Chrome now has the Extended Stable release channel but try as I might I have not found where to download this version yet. Any ideas? Thanks.

    1. chesscanoe said on January 21, 2022 at 1:29 am

      Using Chrome search I found https://support.google.com/chrome/a/answer/6350036#zippy=%2Cset-chrome-browser-to-a-specific-release-channel . Perhaps there is a simpler better answer hiding somewhere.

  3. John G. said on January 20, 2022 at 6:41 pm

    Chrome does not have more vulnerabilities than other browsers, however it has a lot because it’s widely used by millions of people around the world and this is the reason to discover so many of them. Chrome works like a charm to browse for unknown websites because it is extremely robust, however Firefox is my preferred choice for trusted sites (e.g., online chat, online shopping and government sites) (despite its weird dark/light mode management, ugly as hell). :]

  4. ilev said on January 20, 2022 at 6:17 pm

    Edge is following with the same security holes.

    1. Bobby Phoenix said on January 20, 2022 at 11:50 pm

      All Chromium based browsers are following all these security holes. Chrome, Edge, Brave, Vivaldi, etc. If it’s Chromium based, it’s gonna get hit! Plus they are worse off because Chrome updates, and publishes it, but all the other browsers take more time, and that gives hackers time to try to exploit them.

      1. Anonymous said on January 21, 2022 at 6:52 pm

        Edge specifically can sidestep the issue thanks to Microsoft Defender Application Guard (which essentially runs the entire browser inside of its own VM), but other Chromium browsers (with the exception of Chrome) do have the issue of being downstream.

  5. Leo Feret said on January 20, 2022 at 3:13 pm

    Just a minor and perhaps obvious clarification: A (browser) restart is required to complete the process.

  6. ULBoom said on January 20, 2022 at 2:18 pm

    First I’ve heard of Chrome Extended Stable. Interesting it’s a whole version behind but still OK to use. IDK if a bunch of Chrome’s glopware is missing from this edition, similar to FF ESR but it’s still OK.

    I update my stripped version of Chromium whenever I think of it, not often. FF is manually updated whenever an update is released unless there’s evidence of issues.

  7. Netscape_Navigator said on January 20, 2022 at 1:42 pm

    “when do you update your browsers?”

    Chrome is a freakshow. More “vulnerabilities” “”fixed”” every other version. Just check this list after years since snapping the chromium code and all those “genius” devs, engineers, etc.

    Still using Netscape Navigator…

    1. Trey said on January 20, 2022 at 9:39 pm

      I hope you’re joking. I can’t tell.

  8. notanon said on January 20, 2022 at 12:43 pm

    Another zillion security holes patched.

    Chrome has the most security vulnerabilities of any browser.

    At least Google’s bounty system is working, LOL.

    1. Trey said on January 20, 2022 at 9:42 pm

      “Chrome has the most security vulnerabilities of any browser.”

      The most discovered and fixed vulnerabilities you mean. Would you feel safer if they never came to light?

  9. Richard Allen said on January 20, 2022 at 12:19 pm

    “When do you update your browsers?” When Martin spreads the word about a new update being available! ;)

    On my laptop I have both Chrome and Vivaldi Snapshot set up to only manually update. Firefox (primary) set to notify.
