Google’s new Chrome 101 update fixes 29 huge security holes


Three times already in 2022, Google has had to urge Chrome users to update their browsers to patch dangerous zero-day exploits. Thankfully, the fourth zero-day has yet to emerge, but the latest Chrome update rolled out last week, and it includes 29 important security fixes. As always, you should apply the update as soon as possible.

Chrome 101 includes important security fixes

Last Tuesday, April 26th, Google’s Prudhvikumar Bommana said in a blog post that Chrome 101.0.4951.41 had begun rolling out to the stable channel for Windows, Mac, and Linux. The update addresses six bugs designated as high-level threats.

Unlike the zero-day bugs, there isn’t evidence that attackers were actively exploiting these bugs. Nevertheless, Chrome 101 does patch potential vulnerabilities, which is why updating is so important.

In all, Google paid out over $80,000 to external researchers that uncovered the bugs patched in Chrome 101. One use-after-free (UAF) vulnerability in Vulkan was worth over $10,000, with several other bugs resulting in payouts worth over $5,000.

These were the six high-level threats that Google patched in Chrome 101:

  • [$10000][1313905] High CVE-2022-1477: Use after free in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-04-06
  • [$7000][1299261] High CVE-2022-1478: Use after free in SwiftShader. Reported by SeongHwan Park (SeHwa) on 2022-02-20
  • [$7000][1305190] High CVE-2022-1479: Use after free in ANGLE. Reported by Jeonghoon Shin of Theori on 2022-03-10
  • [$5000][1302949] High CVE-2022-1481: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-03-04
  • [$NA][1304987] High CVE-2022-1482: Inappropriate implementation in WebGL. Reported by Christoph Diehl, Microsoft on 2022-03-10
  • [$NA][1314754] High CVE-2022-1483: Heap buffer overflow in WebGPU. Reported by Mark Brand of Google Project Zero on 2022-04-08

Google says that Chrome version 101 is rolling out to users over the coming days and weeks. Don’t fret if you don’t see the update right away. Also, as Forbes notes, other browsers which use the Chromium engine are receiving updates as well. Brave and Microsoft Edge have each seeded updates to address the same bugs as Chrome 101.

How to update your Chrome browser

Chrome doesn’t always apply the latest updates when you open the browser, so if you want to check and see which version you are running, go to Settings and then About Chrome at the bottom of the menu bar on the left side of the screen.

If you are already running the latest version of the browser, then you are good to go. If not, you should begin the process of updating as soon as possible. Once it finishes downloading, click the Relaunch button to finish updating.

More Pixel coverage: For more Pixel news, visit our Pixel 6 guide.


Source link