Chrome 98 now available, fixed 27 security issues

Google recently released Chrome 98 to all users, fixing 27 security issues, 19 of which were reported by external researchers. The company continues to place great importance on providing its users with a fast, efficient and, above all, secure browser.

Among the bugs fixed, one particularly dangerous flaw allowed arbitrary code to be executed with the same privileges Chrome has on the affected system. Of the 19 bugs discovered by outside researchers, eight were rated as serious, while 10 were rated as medium severity and one as low risk. The people who contributed to the browser's security were rewarded with $20,000 each.

In addition, the company, as reported by colleagues at Security Week, revealed that it paid $12,000 for a heap buffer overflow in ANGLE (CVE-2022-0454), $7,500 for an inappropriate implementation in full-screen mode (CVE-2022-0455), $7,000 for a use-after-free in web search (CVE-2022-0456), and $5,000 for a type confusion in V8 (CVE-2022-0457).

Credit: Photo by Deepanker Verma from Pexels

Six of the medium-severity flaws fixed in Chrome 98 are "use-after-free" bugs (in window dialog, accessibility, extensions, payments and cast), three are inappropriate implementations (in scrolls, extensions and pointer locks) and one is a policy bypass (in COOP). The low-severity vulnerability, by contrast, involved out-of-bounds memory access in V8. Google says it has paid $88,000 in "bug bounty" rewards to researchers, but has yet to announce payouts for six of the fixed issues.

We advise our readers to update as soon as possible to the latest stable release of Chrome: 98.0.4758.80/81/82 for Windows and 98.0.4758.80 for macOS and Linux.





Google Issues Warning For 3 Billion Chrome Users

Chrome users beware, less than two weeks after I reported a critical attack on Google’s browser, numerous new hacks have been confirmed.

New High-level threats have been found in Google Chrome

By Gordon Kelly

Google disclosed the vulnerabilities in a new blog post, where it confirmed 27 exploits have been discovered in Chrome. Of these, Google warns that eight are classified as posing a ‘High’ threat level. Users of Windows, Mac and Linux operating systems are all affected. 


In order to buy time for Chrome users to upgrade, Google is currently restricting information about these threats but it has revealed the areas within the browser that the new hacks are exploiting. I have listed the high-level attacks below:

  • High - CVE-2022-0452: Use after free in Safe Browsing. Reported by avaue at S.S.L. on 2022-01-05
  • High - CVE-2022-0453: Use after free in Reader Mode. Reported by Rong Jian of VRI on 2022-01-06
  • High - CVE-2022-0454: Heap buffer overflow in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2022-01-17
  • High - CVE-2022-0455: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2021-11-16
  • High - CVE-2022-0456: Use after free in Web Search. Reported by Zhihua Yao of KunLun Lab on 2022-01-21
  • High - CVE-2022-0457: Type Confusion in V8. Reported by rax of the Group0x58 on 2021-11-29
  • High - CVE-2022-0458: Use after free in Thumbnail Tab Strip. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-11-05
  • High - CVE-2022-0459: Use after free in Screen Capture. Reported by raven (@raid_akame) on 2021-08-28

The big takeaway here is that ‘Use-After-Free’ (UAF) exploits not only continue to be the dominant method of attack by hackers, but their popularity is growing. Five of the eight high-rated Chrome attacks use this method, bringing the total number of successful high/critical-rated UAF Chrome hacks to 21 since the start of the year.

UAF vulnerabilities are memory exploits created when a program fails to clear the pointer to the memory after it is freed.

Right behind UAF are Heap buffer overflow attacks. Also known as ‘Heap Smashing’, memory on the heap is dynamically allocated and typically contains program data. Chrome V8 exploits have also been rife over the last year. V8 is an open-source JavaScript engine which is used by Google Chrome and Chromium-based web browsers like Microsoft Edge, Opera, Amazon Silk, Brave, Yandex and Vivaldi.

What You Need To Do

In response to these hacks, Google has announced Chrome 98 (specifically 98.0.4758.80/81/82 for Windows and 98.0.4758.80 for Mac and Linux). Google warns that the release “will roll out over the coming days/weeks”, so you may not be able to protect yourself immediately.

Google Chrome must be restarted after updating before you are protected

Gordon Kelly

To see if Chrome 98 has rolled out to your computer, go to Settings > Help > About Google Chrome. If your Chrome browser is listed as 98.0.4758.80 or higher, you are protected. If the update is not installed or listed as being available for your browser, check regularly and do not take risks with your browsing.

When you do update, remember Chrome must be restarted for the fix to take effect. Chrome is now used by 3 billion users worldwide on desktop and mobile making it a huge target for hackers and they can find easy targets among users who fail to complete that crucial final step. Don’t be one of them.
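
The version check and the restart caveat above can be applied across many machines. The following is an added example, not part of the original article: it compares version strings numerically against the fixed build 98.0.4758.80 and separates hosts where the update is installed but the browser has not yet been restarted. The hostnames, the sample versions and the separately collected "installed" and "running" strings are assumptions made for illustration.

```python
import re

# Fixed build named in the article (Windows may also show .81 or .82).
FIXED = (98, 0, 4758, 80)

def parse_version(text):
    """Extract a four-part Chrome version from text such as version output."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no Chrome version in {text!r}")
    return tuple(int(part) for part in m.groups())

def status(installed, running):
    """Classify one host.

    installed: version string of the Chrome binary on disk
    running:   version string of the browser process currently open
    """
    inst, run = parse_version(installed), parse_version(running)
    if inst < FIXED:
        return "vulnerable: update not installed"
    if run < FIXED:
        # Update is on disk, but the old process is still the one in use.
        return "vulnerable: restart pending"
    return "patched"

# Constructed sample inventory: hostnames and versions are made up.
# ws-04 and ws-05 are cases a plain string comparison gets wrong:
# "100..." sorts before "98...", and "...4758.9" sorts after "...4758.80".
INVENTORY = [
    ("ws-01", "Google Chrome 97.0.4692.99", "Google Chrome 97.0.4692.99"),
    ("ws-02", "Google Chrome 98.0.4758.80", "Google Chrome 97.0.4692.99"),
    ("ws-03", "Google Chrome 98.0.4758.82", "Google Chrome 98.0.4758.82"),
    ("ws-04", "Google Chrome 100.0.4896.60", "Google Chrome 100.0.4896.60"),
    ("ws-05", "Google Chrome 98.0.4758.9", "Google Chrome 98.0.4758.9"),
]

def audit(inventory):
    """Return {host: status} for every row of the inventory."""
    return {host: status(inst, run) for host, inst, run in inventory}

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host}: {result}")
```
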

