Google Chrome's latest critical security update is now available
Google released a new security update for all desktop versions of its Chrome web browser today. The update patches 10 security issues in the web browser, including one that is rated with the highest severity rating of critical.
Chrome desktop users may want to update the browser to the latest version immediately to protect it against potential exploits that target these vulnerabilities.
To do so on the desktop, select Menu > Help > About Google Chrome, or load chrome://settings/help directly in the browser's address bar.
Google Chrome displays the current version of the browser and runs a check for updates. It should pick up the new security update for the browser and start the download and installation of it automatically. A restart is required to complete the installation of the upgrade.
Here are the latest versions for Chrome after the update has been applied:
- Chrome for Mac and Linux: 110.0.5481.177
- Chrome for Windows: 110.0.5481.177 or 110.0.5481.178
- Chrome Extended Stable for Windows: 110.0.5481.177
Google released special Stable Channel updates for Windows Server 2012 and Windows Server 2012 R2 as well this week.
Google reveals on the official Chrome Releases blog that the update includes 10 security fixes. Only eight of the ten are listed in the article. Internally discovered security vulnerabilities are never reported publicly by Google.
Of the eight Chrome security issues listed, one has a severity rating of critical, six a severity rating of high, and one a severity rating of medium.
The critical security issues addresses a use after free vulnerability in prompts according to the listing. Components such as the Web Payments API, SwiftShader, Vulkan, Video, and WebRTC are affected by security issues with a severity rating of high. The only medium severity vulnerability addresses an integer overflow issues in PDF.
Google makes no mention of known exploits in the wild, which should be reassuring to users of the browser. Exploits in the wild make the installation of security updates an even higher priority.
Other Chromium-based browsers are also affected by, at least some, of the vulnerabilities. Expect updates for Microsoft Edge, Brave, Vivaldi, Opera and other browsers in the coming days and weeks.
Don’t know why anybody takes this Brave cuck seriously
@Anonymous
There is nothing more cucked than picking “Anonymous” of all things as a nick. That’s cuckery on steroids.
@John G.
You are cucked as well. “G.” has to stand for gullible.
LOL.
LOL
Yes Iron Heart occasionally says things that can be a bit over the top and yes his pro-Big Tech, pro-Google stance can be frustrating at times. Despite his far leftist beliefs, he does not deserve to mocked and called a troll. He has the right to speak.
Indeed, mockery is inappropriate :
[https://upload.disroot.org/r/TotD0M4h#E9ZnH01by8pvB82A27y01qG2qg3iBIKSXQOONk4+wzI=]
> yes his pro-Big Tech, pro-Google
That’s false. I am against Big Tech data collection and privacy violations. I am however, not of the opinion that anything written by Google can’t be touched just because it was mainly written by Google. Going by that logic, any custom ROM of Android aiming to protect user privacy would be disqualified. It’s not any different for Chromium.
Rust 9.5%
https://4e6.github.io/firefox-lang-stats/
Exactly my point and then you also have to consider which Firefox exactly are written in Rust and which are not.
Google is going to have to re-write the entirety of chromium in rust. Until that can happen though, it is just too dangerous to use, and we need to tell all our friends and family to just stop using chromium-based browsers. And if they must use chromium-based browsers for some reason, they should disable javascript, which is the most frequent pathway to spreading malware using those browsers.
@Andy Prough, I agree, Chrome will be better if Rust is used in its inner. In fact there is a good blog by Dana Jansen about this, that can be read in this website (it’s very interesting).
https://security.googleblog.com/2023/01/supporting-use-of-rust-in-chromium.html
To read that blog I would have to enable all kinds of unsafe Google javascript, but here is an article about it by the much more trusted Malwarebytes which doesn’t need any untrustworthy javascript to read: https://www.malwarebytes.com/blog/news/2023/01/google-to-support-the-use-of-rust-in-chromium
Even Google’s own engineers recognize the need for rewriting their unsafe chromium code in rust to overcome their massive rule-of-2 problem. Of course, it will probably take a decade or longer to re-write it, so until it is finished you’d have to say that no browser that relies on chromium code is in any way trustworthy, based on Google’s own statements.
@Andy Prough
Not sure what your point is. No browser, including Firefox (see the comment of VioletMoon), is written in Rust. And going by that logic, all programs so far, EVER, were not secure because they were not written in Rust. Do you know what that means? I can only laugh at your propaganda at this point.
Rust is also not a cure-all, it’s just a memory-safe language. The blockchain Solana is written in Rust, for example, and is frequently exploited.
Enjoy your completely Rust-free Pale Moon that you (ironically) also promote here, despite the alleged importance of Rust.
>”The blockchain Solana is written in Rust, for example, and is frequently exploited.”
Is it exploited as frequently as chromium-based browsers are? I highly doubt it.
@Andy Prough
Why is it “too dangerous to use” without Rust? No browser is written in Rust, including Firefox. Especially the most attacked components of Firefox are NOT written in Rust as of now.
Andy Prough, you are trolling here.
I find it highly ironic that you talk about Rust given how prolific you are on the Pale Moon forums, its dev being heavily anti-Rust for some reason. Also, you using Pale Moon disqualifies your opinion on security, you are using a single-process browser that was never properly analyzed or vetted by anyone except the single dev.
@Iron Heart or Iron Troll: Webrender is written in Rust, is it not important ? And don’t tell people to read 1 Gigabyte of Firefox source code because it’s impossible, you’re a monster okay so you can, eventhen, if you can’t point out what are Firefox’s security exploits then it didn’t happen and everything you said is just bs, because you said you can so prove your point.
@upp or muppet
> Webrender is written in Rust, is it not important ?
It’s not. Comparatively, anyway.
> And don’t tell people to read 1 Gigabyte of Firefox source code
You are the one who claimed that Firefox being written in Rust (it’s not, lol) improves its security. I then replied that the most attacked components of Firefox are literally not written in Rust, and that you can look at the code of those components if you don’t believe me. I don’t have to prove anything to you here, if you don’t believe me it is up to YOU to check and do some minimal research, in order to learn. You can start with the memory allocator, a source of several severe security issues of Firefox over the last years. You can then return to me like a pro and admit that there isn’t much if any Rust code in there. Good luck on your journey.
> You are the one who claimed that Firefox being written in Rust
Okay, making up my words to prove your bs, I said “important components of Firefox”, boy.
> Okay, making up my words to prove your bs, I said “important components of Firefox”, boy.
That’s literally false though. WebRender does not suffice to support your argument here.
@Iron Heart
what is your opinion regarding adguard for windows and android phones? well i know that in future can’t rely more on ublock origins.
@Anonymous
The browser extension will be as limited as uBO in Chromium at least, so no advantages there. The app on Android acts as a local VPN and will be unaffected. It lacks cosmetic filtering (similar to Pi-Hole) but it gets the job done. Still, I would use a browser with an adblocker (extension or built-in) in addition to that, for cosmetic filtering.
The brave iron troll accusing others of trolling, hilarious.
@smaragdus
I see you are big mad at me for putting the facts out there. Good to know that I am literally living in your head rent free.
Unfortunately for you, I don’t even know who you are.
>”Andy Prough, you are trolling here.”
Fair enough, you are the trolling expert, you would know.
>”given how prolific you are on the Pale Moon forums”
Prolific? I should demand that they start paying me for my brilliant opinions.
>”you are using a single-process browser that was never properly analyzed or vetted by anyone”
Doesn’t matter which browser I use, because I don’t allow javascript, delete all cookies and cache, don’t do dodgy downloads or visit dodgy download sites, etc, etc, etc – I could be just as safe online with frequently exploited chromium or with rarely exploited SeaMonkey, or with never exploited Pale Moon. Instead of using your ghacks bullhorn to scream at all Firefox users, you should use your bullhorn to train them on actual safe, non-js browsing.
@Andy Prough
> Fair enough, you are the trolling expert, you would know.
Sad noises after I called your nonsense out, I see.
> Prolific? I should demand that they start paying me for my brilliant opinions.
I’d actually pay for a brilliant opinion coming from you, knowing that I would keep that money indefinitely.
> because I don’t allow javascript
That’s very practical on most websites, hence why browsers disable JavaScript by default. Oh wait, they don’t. Because it’s impractical.
I guess, if the site still works in Pale Moon one might as well drop JavaScript too.
> frequently exploited chromium or with rarely exploited SeaMonkey, or with never exploited Pale Moon.
You realize that various Firefox-related security issues apply to Pale Moon and SeaMonkey as well, right? So how can you say hardly / never exploited? When certain issues literally apply there 1:1? What a laughable take.
> Instead of using your ghacks bullhorn to scream at all Firefox users, you should use your bullhorn to train them on actual safe, non-js browsing.
I won’t because it is highly impractical outside of niche use cases.
>”That’s very practical on most websites, hence why browsers disable JavaScript by default. Oh wait, they don’t. Because it’s impractical.”
That’s the argument of the sheeple. “I’d rather be safe, but it’s just not practical”. The super-safe Icecat browser disables all untrusted js by default, and it is widely acclaimed for being the browser that will keep users safest from malware or ransomeware.
@Andy Prough
> That’s the argument of the sheeple.
And you are making the argument of the ignorant. There is a reason why people don’t turn off JS, and if they do, they likely do it with a tool like NoScript that enables them to selectively allow certain scripts (because otherwise many websites just don’t work, period). I think you are misusing this impractical solution as a strawman to not confront the security issues of Pale Moon and SeaMonkey. I don’t believe for a second that you have JS turned off on all websites, either.
I won’t reply to further BS and useless strawmen coming from you.
can ghacks add tag for martin and ashwin article only.
It is pain in the ass to see all article and click only ones i intersted
@Iron Heart
Privacy reduces security, security reduces privacy
so chrome browsers are safer than firefox
I think Edge browser is more secure than other browsers
I currently think of privacy and security as linked. For example, if you increase security of who can see what is transmitted you are also increasing the privacy of any transaction. Alternatively, if you increase privacy by reducing visibility of personal/location data you are increasing personal security. Are you able to correct my logic with an explanation why privacy and security are opposing?
@Anonymous
> I currently think of privacy and security as linked
Definitely connected and that’s not the point
@Anonymous
That’s where you are wrong, they are different sets with minor overlap. A bitcoin miner can perfectly be a security disaster but totally respect your privacy, whilst stealing electricity from you.
A botnet can also not care about your data and just abuse your machine for DDoS.
@DATA
Privacy and security can be achieved at the same time, because they are not the same thing. Privacy is resistance against user data exfiltration and security is resistance against exploits. GrapheneOS is an example of a secure and private operating system, for example.
@Iron Heart
>Privacy and security can be achieved at the same time
Privacy and security undermine each other
can never be achieved at the same level
the tor browser is an example of this
there is no secure system, it is more secure than the other.
@KeepCalmDude
Most recommend firefox.
but its market share continues to decline
I think the words contradict each other
i think edge browser is more secure than all
@KeepCalmDude
the majority recommend firefox
but the market share continues to decrease
I think the words contradict each other
@David
Just decide for yourself, you are an adult. Use what works for you, I use what works for myself.
Madaidan should add a new section how broken Chromium is, lol.
When they don’t play dirty:
https://www.cnet.com/tech/services-and-software/mozilla-exec-says-google-slowed-youtube-down-on-non-chrome-browsers/
https://www.theverge.com/2018/12/19/18148736/google-youtube-microsoft-edge-intern-claims
They are even more insecure than the browsers they claim to be better than:
https://twitter.com/topjohnwu/status/1105739918444253184
The universe / karma has a strange way to payback such shammers.
“We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.”
“my ignorant friend.”
@Anonymous
You can either whine about my accurate choice of words or choose to act like an intelligent human being in my presence. I see, you picked the former.
@Markus
@Iron Heart
What is your opinion about brave?
@David
Same chromium engine clones like (Edge, Vivaldi, Brave, Opera,…)
A security issue monoculture waiting for the next 0-day.
You guys have no facts to offer. I am basing what I say off of actual code analysis. What you guys say is based on the erroneous assumption that lack of popularity, thereby a lack of being targeted, means that the base code is more secure – which is laughable and amateurish.
@John G.
Who cares?
@David
Question is too general in nature.
@KeepCalmDude
Why am I the angry one when the Firefox crowd is obviously allergic to facts? Nobody attacks a hardly used product, so therefore it has nominally fewer reported security issues. This does not mean that its base code is more secure, it just means it is – lo and behold – less targeted. Firefox’s base code is less secure because it lacks isolation of various processes and a proper sandbox, just to name the two main issues. Deal with the facts or go home.
>Who cares?
Funny coming from a carebear :)
[https://upload.wikimedia.org/wikipedia/en/4/47/Care_Bears.png]
Markus, stop trolling. Nobody is using Firefox (below 3% market share by now), therefore hardly anyone is targeting it. Chromium is actually targeted in the wild. Further, Firefox does not isolate certain processes, so when there is an escape out of process (which would have a CVE assigned in Chromium), such an escape would not even be necessary in Firefox, as it doesn’t isolate certain things in the first place. You would know this if you understood what madaidan is talking about.
You then add some unrelated stuff like Firefox’s JavaScript engine having performance issues… Like, how is that related? Such bullshit too, if it’s all YouTube’s or Google’s fault, then why is SpiderMonkey losing generic benchmarks against V8 as well? Seems like there is a more general issues than just YouTube, my ignorant friend.
Enough with these “wilderness” clichés! What does “wild nature” mean?! What does “wildlife” have to do with Chrome?! Are humans “wildlife”?!
@lakii
There are exploits for Chromium that are actually / practically used, if you like that phrasing better.
Iron Heart buddy old pal I don’t think it’s about performance, security, or anything like that. You could tell me that Chrome is better than Firefox in every way yet I’d still rather never use chromium again – the world’s dependency on one browser is not a good thing and competition must be encouraged.
Google’s power is already all-expansive I think it’s time that people at least think about starting to break away from it, bit by bit. This is the moral argument and as bad as it may sound, it’s the argument I care most about.
Show me a bank that pays 4% interest and I’ll stick with my bank that pays 0% interest for the same reason. Its our moral obligation to keep non-competitive organizations running.
What’s wrong with that logic?
@basingstoke
Mozilla is almost totally dependent on Google’s funding and doesn’t take the high road on any issue. Recently Google removed JPEG XL support from Chromium and Mozilla followed suit. I’ll believe in the competition tale once they have independent funding and stand their ground on any important issue.
By the way, 3% market share is not enough to change anything, even if the Mozillians were not on Google’s payroll. It’s also not our job to make the browser competitive. I am not fond of using it for ideological reasons, especially if such reasons have no real basis in Mozilla’s past performance as a “competitor”.
This post was written by the Brave corporation and VC money from Facebook board members.”
@Jek they/them Porkins
> This post was written by the Brave corporation and VC money from Facebook board members.”
Peter Thiel is invested in many projects and Brave had promise. Mozilla is funded by literal Alphabet / Google and bows to them every single time, lol.
@Iron Heart
Google is invested in many projects and Firefox had promise. Brave is funded by literal Woke / Facebook and bows to them every single time, lol.
@Jek they/them Porkins
> Google is invested in many projects and Firefox had promise.
Promise as an antitrust shield, yes.
> Brave is funded by literal Woke / Facebook and bows to them every single time, lol.
Peter Thiel is not Meta. Peter Thiel is a private investor.
And Facebook is an ad-based business, so how is a browser with built-in adblocker bowing to them?
If you lose an argument, that doesn’t mean that you have to turn stupid all of a sudden.
“We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.”
“If you lose an argument, that doesn’t mean that you have to turn stupid all of a sudden.”
@Iron Heart
If you lose an argument, that doesn’t mean that you have use personal attacks.
@Iron Heart: Do you even know that impotant components of Firefox is written in Rust, and Rust is very immune to security exploit, and Chrome is trying to use Rust to reduce their security exploit too, Google it. You’re the one who should stop trolling and spreading bs.
@upp
> Do you even know that impotant components of Firefox is written in Rust
None of the most attacked components of Firefox is written in Rust.
> You’re the one who should stop trolling and spreading bs.
You can verify that what I said is true by looking at Firefox’s code.
I use Firefox mostly 75% of the time.
I use LibreWolf and Brave probably about the same proportions but I am tiring of LibreWolf, not rendering sites for reasons I cannot work out.
You are just mad because you are angry.
@Iron Heart
>stop trolling
how ironic
@Anonymous
Your entire existence is ironic.