Google patches actively exploited security issue in Chrome 112
Google released an update for its Chrome web browser for the desktop and for Android. The new update patches a security issue that is exploited actively in the wild. Chrome users are encouraged to update their browsers as soon as possible to protect it from these targeted attacks.
Desktop users may select Menu > Help > About Google Chrome to run a manual check for updates. An alternative is to load chrome://settings/help directly in the address bar, which opens the same page.
Chrome displays the installed version on the page and will check for updates. It should pick up the update during the check to install it on the device. A restart of the web browser is required to complete the update.
The new version of Chrome has the following version after the update has been processed.
- Chrome Stable and Extended Stable for desktop: 112.0.5615.121
- Chrome for Android: 112.0.5615.100 or 112.0.5615.101
Chrome 112: Emergency security update
Google provides the following information on the Chrome Releases blog about the update. According to the information, the security update is addressing two security issues in Chrome.
Google reveals information about externally reported security issues only to the public. The reported security issue, CVE-2023-2033, is a type confusion in V8. It has a severity rating of high, and Google highlights that an exploit for the issue exists in the wild.
It is unclear how widespread attacks are that exploit the issue, as Google makes no mention of that.
No information is provided on the second security issue that Google addressed in the Chrome 112 update.
Google Chrome users may want to update their web browser immediately to address the issue. Desktop users have all the options at hand to update immediately, mobile users need to wait until Google Play pushes the update to their devices.
Google released Chrome 112 at the beginning of April. The update fixed 16 unique security issues in the web browser and introduced several non-security changes as well. You can check out our review of Chrome 112 here for an overview.
Now You: do you have Chrome installed on your devices?
It’s clear why madaidan does not include any chromium-based browsers in his Whonix high security project, but instead uses the Tor browser. He is well aware that after about 40 zero-day exploits in the last 4 1/2 years, that chromium is a security disaster of historic proportions that and he cannot in good conscience expose his Whonix users to it.
Chrome is not a bad browser at all and furthermore it’s installed in mostly all computers and Android mobile phones. By the way it has a lot of exploits because it’s the most widely used browser and the hackers are all day long attacking its code to take benefits. In the other hand we have Firefox, that is also a good browser, however sometimes it’s buggy as hell with no reason. For example, I have noticed some unexpected issues with latest version 112 and I don’t know what’s the culprit. Youtube website loading times are longer than before and the videos have also some unexplained delays and glitches. I hate this kind of situations, because Chrome has always the same behaviour whatever the website, it never fails I can sure you that Chrome always works. So sad, imho we will see some version 112.1 very soon, I bet you that this will be the real fact because it’s obvious that some unexpected bug is inside FF. :S
That’s a given considering google mostly dictates web standards nowadays.
Youtube is owned by google & many websites prioritizing google chrome as their target browser before anything else that’s why some sites are either buggy or runs like crap when used on other browsers.
But don’t worry, firefox is going to become chromified soon so there will only be one major browser.
The same reason I no longer use Firefox anymore. With every new version, there is a glitch on it. With Chrome everything works. I know I know this going to bother Google haters on this site but the fact is Chrome is popular for a reason…because it works all the time..I really don’t care for all that privacy none sense about Chrome. There’s nothing much you can do about it other than blocking ads and trackers with extensions.
@Georgie,
> “I really don’t care for all that privacy none sense about Chrome”
Is it that you don’t care about your privacy as a whole or only when it comes to a browser known for its notorious privacy-invasive policies but fit for users who care only for an install and forget it easiness?
My very neighbor runs Firefox out of the box and has never encountered the slightest issue. He happens to be annoyed by innovations but his overall experience with Firefox is such that he hasn’t “the slightest intention to discover any other browser” as he says.
Other Firefox users as myself tweak Firefox intensively and encounter no issue. And tweaking concerns mainly modifying about:config prefs, some of which IMO should be opt-in rather than opt-out but whatever : those prefs exist and you may access them. I know also that many users play around with these settings’ availability and face issues when they’ve modified blindly and have no backup.
Firefox here has always ran like a charm. Indeed more privacy you search for, more fine-tuning you introduce, greater is the need of attention, caution. But the result may be astonishing.
Anyway, any privacy-invasive company relies on users who “really don’t care for all that privacy none sense”, and especially when it concerns their products. Be happy as Google is.
@Tom Hawack, nice to read you again. Indeed Firefox has had for long five years a weird bug with MS Defender that makes it to eat some memory and a lot of CPU resources. I think that this bug has been solved recently. At the other hand, Firefox works very differently depending on the system, for example my sister has FF on an Intel i7 and she noticed no major issues (anyway her computer has W10 and 16Gb RAM). My mother uses Firefox for some buying sites and it’s working nice also with an Intel i3 with 8Gb RAM using W10. I have two computers with AMD inside and I notice several issues, mainly with the AMD disaster graphic drivers, horrible optimized as hell. Also I have noticed the same issues with version 112 with W11 and also with Ubuntu 22.04 LTS as well. So Firefox works nice, all right, until it doesn’t work nice, and you may notice that something is wrong because the issue is high noticeable. I meant that if Google Chrome has an issue, you probably won’t ever noticed it at all. Anyway @Tom, you are a very clever guy and probably your Firefox is better than expected due the highly tweaked changes that you did to it, nice for you! :]
Hello @John G., nice to read you as well. You write, “Firefox works very differently depending on the system[…]” : I must say I’ve never ran Firefox on a different OS than Win7 (neighbor I mentioned above as well) nor with different hardware components. But issues in such environments, mainly when it comes to the OS and mainly when it comes to Windows post version 8.1 may be related to those very OSs : I’m tempted to believe that Windows 10/11 are built to favor Chromium-built browsers (Google, Edge) in disfavor of Firefox which would explain that most if not all reported Firefox issues I read concern users of Win10/11, especially those published on Reddit.
Anyway, issues is one thing, privacy another. Striving to preserve one’s privacy should this mean choosing a privacy-oriented browser facing issues rather than another one running flawlessly at the price of privacy invasion is IMO an approach worth some user efforts. That’s how I see it and conceive it may not be everyone’s reasoning. For my part I can affirm that whatever the OS, whatever the hardware I will NEVER call upon Google Chrome nor Microsoft Edge browsers to visit the web : never.
@Georgie, I agree. Chrome works and that’s the only thing a browser should do: working!
How many zero days in a the past few months? Most secure browser ever since IE6.
it has now been 0 days since the last zero-day exploit of chromium
And again already actively exploited.. lol, was probably a mistake to bloat the thing so hopeless:
The new flash.
Hitomi the Firefox user acting as if his shite is more secure…
179.8 MByte chrome bloat vs 53.3 MByte fox.
[https://fablesofaesop.com/the-fox-and-the-leopard.html]
Aesop was ahead of his time.
@Hitomi
Except your numbers are not even accurate.
Also thanks for admitting that you are here to promote a certain product.
Compressed offline installers, my redditspacing friend :^)
> :^)
Thanks for admitting that you are Pinocchio.
Very thankful to the person (sorry I forgot name) who posted the following uBo filter. I have been using it for few weeks now. Finally I can browse skipping the softonic generated articles.
! Block articles from any author other than : Martin Brinkmann | Mike Turcotte | Ashwin :
ghacks.net##:is(.hentry,a.home-posts):has-text(Carol van Zyl)
ghacks.net##:is(.hentry,a.home-posts):has-text(Emre Çitak)
ghacks.net##:is(.hentry,a.home-posts):has-text(Eray Eliaçik)
ghacks.net##:is(.hentry,a.home-posts):has-text(Helena Bosnjak)
ghacks.net##:is(.hentry,a.home-posts):has-text(Jesus)
ghacks.net##:is(.hentry,a.home-posts):has-text(Kerem Gülen)
ghacks.net##:is(.hentry,a.home-posts):has-text(Leri Koen)
ghacks.net##:is(.hentry,a.home-posts):has-text(Onur Demirkol)
ghacks.net##:is(.hentry,a.home-posts):has-text(Priyanka Monteiro)
ghacks.net##:is(.hentry,a.home-posts):has-text(Russell Kidson)
ghacks.net##:is(.hentry,a.home-posts):has-text(Shaun)
ghacks.net##:is(.hentry,a.home-posts):has-text(Sponsored Content)
ghacks.net##:is(.hentry,a.home-posts):has-text(Trevor Monteiro)
ghacks.net##:is(.hentry,a.home-posts):has-text(Zakhi Mgutshini)
!
@Shania, unfortunately, in Chromium, the specified authors are not blocked. Any idea how to make these rules work in Chromium?!
@transsexualUSA It is working for me in both Chromium and Edge. Perhaps check if “Parse and enforce cosmetic filters” and “Suspend network activity until all filter lists are loaded” these both settings are checked and “Ignore generic cosmetic filters is unchecked under Filter Lists.
https://www.ghacks.net/author/miketur/
Mike Turcotte used to post about Linux however his last post was on June 6 2022. So Since he is not active anymore the filter could be modifed as
ghacks.net##.hentry,.home-posts,.home-category-post:not(:has-text(/Martin Brinkmann|Ashwin/))
I checked either of these filterlists work in both FF and Chromium/Edge with uBo. If they are not working the reason would be
The changes are not saved and applied
or
Cosmetic filtering is being ignored
or
Some other addon is interfering.
@Shania, I’m quite surprised to read you write “Mike Turcotte used to post about Linux however his last post was on June 6 2022. So Since he is not active anymore the filter could be modified as [Remove ‘Mike Turcotte’ from the filter]”
What’s the aim of the filter? To bypass articles we presume to have been written either by bots either by humans using AI for the entirety or part of their articles.
Applying such a filter is by itself tough given the presumption is not formal evidence. We may consider that we have sufficient arguments to carry on with such a filter, I do myself. But to push further even by arguing that a known author should be removed from the ‘keep only’ filter on the ground he/she hasn’t published for a while is, IMO, both an intellectual and ethical mistake. What next? Remove ‘Ashwin’ because he wouldn’t have published in the last three months? I am stunned, sorry to say it so straightforwardly.
@Tom I am sorry but I think there’s been a misunderstanding. I only mentioned Mike Turcotte hasn’t posted in around 10.5 months, and and I like to keep the filters small. That is the only reason I suggested so.
Of course anyone can edit the filters and read only specific authors as they want, there shouldn’t be any issue with that. I mean suppose someone say he would prefer to read softonic generated “How-to” or VPN articles and would hide Martin/Ashwin’s articles then that should be fine too.
@Shania, no drama, no problem. As I understood it hereafter was ambiguous :
“Mike Turcotte used to post about Linux however his last post was on June 6 2022. So Since he is not active anymore the filter could be modifed as ”
“Since he is not active anymore”? To start with this is that is IMO a risky conclusion.
Based on that conclusion, “the filter could be modified as” :
1- if he doesn’t publish why include him in an exclusion list?
2- What about his past articles, those which may be found when searching throughout Ghacks? With him included his articles wouldn’t appear in the search results.
I’m sure you meant no harm and I’m no authority to decide of whatever, I only expressed an astonishment. Because carrying along with the logic of including in the filter known Ghacks authors who haven’t published for some time we could end up with :
! Block articles from any author other than : Martin Brinkmann :
ghacks.net##.hentry,.home-posts,.home-category-post:not(:has-text(/Martin Brinkmann/))
!
and even, who knows?
! Block articles from any author other than : Martin Brinkmann | Mike Turcotte | Ashwin :
ghacks.net##.hentry,.home-posts,.home-category-post:not(:has-text(//))
!
I mean, hey! :=)
@Shania thanks again! :]
@transsexualUSA, I have uBlock Origin in MS Edge and those filters work, however you will notice that “my filters” option at filter lists should be marked, and also these filters should be pasted and saved (i.e. “apply changes”). There is also an alone filter provided by @Cassette that does this grateful whole job by itself:
ghacks.net##.hentry,.home-posts,.home-category-post:not(:has-text(/Martin Brinkmann|Mike Turcotte|Ashwin/))
However I don’t know who is Mike Turcotte. :S
{{{[[[[[ @John G., the filters are in place and the changes are applied, but they don’t work for Chromium.
>>>ghacks.net##.hentry,.home-posts,.home-category-post:not(:has-text(/Martin Brinkmann|Mike Turcotte|Ashwin/))>>> this filter works. But some articles stick to other articles, other places leave holes?!
https://i.postimg.cc/FH7RXzCz/likj.png “”
No, I do not have the Chrome browser installed on any of my devices.
Shania, it was originally; Tom Hawack on 7 April 2023, that posted that uBlock Origin filter (https://www.ghacks.net/2023/04/07/green-technology-driving-sustainable-development/#comment-4563426).
Tom and others had genuine concerns about AI generated content being recklessly used to generate large portions of article text. Plus there was a potential lack of transparency as to whether such AI assistance had been used in several articles. Dozens of articles looked suspiciously like mainly AI generated text.
It was also asked that AI also got credited in the author section when it was used in such an unaltered fashion.
Yes, thanks it was posted originally by Tom Hawack as 1337 pUpp37 h4x0rz mentioned.
@Shania, these filters don’t work and anyway all articles are part of Ghacks for good or bad. I read all articles however I only write comments at @Martin and @Ashwin articles mainly all the time, because they often answer some comments and provide some kind of feedback to the users. :S
@John G They work on firefox desktop and even mobile version. I even tested on a fresh install right now. Make sure to save the rules after pasting in uBo My filters page.
@Shania, thanks, I forgot to save the rules (i.e. to apply the changes). :S
@Shania I forgot also to check the box of “my filters”, very important thing to use the personal filters! I can’t remember the last time that I did something like this in uBlock Origin, and it’s also really amazing how time flies and things are forgotten so easy. :[
Thank you so much for this…I was really annoying with so many random none sense articles on this site…felt like a AI was written them..This site has gone downhill with this crap. The other day a popup window appeared from all the advertisers saying to Agree or disagree to their privacy policies . I blocked that one too with ubllock
Thanks for the tip! That’s just what I needed.