Google Chrome has been successfully hacked yet again with multiple new vulnerabilities that impact the browser across all major platforms. Here’s everything you need to know to stay safe.
Google confirmed the attack on its Chrome blog post, revealing 30 new security flaws have been discovered in Chrome, seven of which it says pose a ‘High’ threat level to users. The exploits affect Chrome on Windows, macOS, Linux and mobile.
As is standard practice in these circumstances, Google is currently restricting information about the vulnerabilities “until a majority of users are updated with a fix” and you should use this time wisely. Below are the seven high threat level exploits Google revealed:
- High – CVE-2022-1477: Use after free in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-04-06
- High – CVE-2022-1478: Use after free in SwiftShader. Reported by SeongHwan Park (SeHwa) on 2022-02-20
- High – CVE-2022-1479: Use after free in ANGLE. Reported by Jeonghoon Shin of Theori on 2022-03-10
- High – CVE-2022-1480: Use after free in Device API. Reported by @uwu7586 on 2022-03-17
- High – CVE-2022-1481: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-03-04
- High – CVE-2022-1482: Inappropriate implementation in WebGL. Reported by Christoph Diehl, Microsoft on 2022-03-10
- High – CVE-2022-1483: Heap buffer overflow in WebGPU. Reported by Mark Brand of Google Project Zero on 2022-04-08
Use After Free (UAF) attacks continue to be the best path for cracking Chrome. 11 of the 30 new Chrome vulnerabilities are via UAF (a memory exploit). This method of attack has now breached Chrome security over 65 times in 2022.
To protect users, Google has released Chrome 101.0.4951.41 which will “roll out over the coming days/weeks” but you can beat the queue by forcing Chrome to manually check for the update:
- Click the three dots in the top right corner of Chrome
- Click Settings > Help > About Google Chrome.
- Wait for Chrome to find and install the update.
- When prompted, restart Chrome
This last step is crucial and Chrome will not be protected until you do.
Google recently admitted that the number of successful hacks of Chrome and other browsers and platforms is rising. Big tech companies are increasingly working together to combat this growing threat though, to be successful, it also requires due diligence from users. So go beat the queue and force Chrome to update right now.
Follow Gordon on Facebook