Hackers attacking Google Chrome — What to Do Now

Google last night (December 13) patched the desktop version of its Chrome browser to fix five security flaws. The update may not reach all users immediately.

The new update brings the current version of Chrome on Windows, Mac, and Linux to 96.0.4664.110. Windows and Mac users typically only need to close and restart their browser to initiate the update; Linux users may need to wait for their distribution to bundle the patches into its regular update cycle. (Chrome for Android and iOS will be updated separately.)

To verify that your Chrome installation is up-to-date, click on the three vertical dots in the upper right corner of the browser window. Move the mouse down and hover over "Help" and click "About Google Chrome."

A new tab will open and either indicate that your version is up to date or, if you are using Windows or Mac, begin downloading the new version. In the latter case, you will need to restart your browser.
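The same check can be scripted for machines you manage. This added example (not from the article or from Google) compares a reported version against 96.0.4664.110 numerically, since a plain string comparison ranks an older build such as .93 above .110; the binary names and sample version strings are assumptions constructed for illustration.

```python
import re
import shutil
import subprocess

FIXED = (96, 0, 4664, 110)  # patched desktop version named in the article

# Assumption: typical binary names/paths on Linux and macOS; adjust for your hosts.
CANDIDATES = [
    "google-chrome",
    "google-chrome-stable",
    "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome",
]

def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b", text)
    return tuple(int(part) for part in m.groups()) if m else None

def is_patched(text, fixed=FIXED):
    """True/False if a version was found; None if the output could not be parsed."""
    version = parse_version(text)
    return None if version is None else version >= fixed

def local_version_output(binary):
    """Run '<binary> --version' and return its stdout, or None if unavailable."""
    path = shutil.which(binary)
    if path is None:
        return None
    try:
        result = subprocess.run([path, "--version"], capture_output=True,
                                text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return None
    return result.stdout

if __name__ == "__main__":
    # Constructed sample outputs; they run offline and show the numeric comparison.
    for sample in ("Google Chrome 96.0.4664.93", "Google Chrome 96.0.4664.110"):
        print(sample, "->", "patched" if is_patched(sample) else "NEEDS UPDATE")
    # Naive string comparison gets this wrong: "93" sorts after "110".
    print("string compare says .93 is newer:", "96.0.4664.93" > "96.0.4664.110")
    for binary in CANDIDATES:
        output = local_version_output(binary)
        if output is not None:
            print(binary, "->", output.strip(), "patched:", is_patched(output))
```

An unparseable result (`None`) should be treated as "unknown" and followed up, not counted as patched.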

Several other widely used browsers that share Chrome's open source foundation, including Microsoft Edge, Brave, Opera, and Vivaldi, have not yet been updated to the new version. Microsoft may be waiting for December Patch Tuesday, which will take place later today (December 14).

According to the official Chrome Releases blog post, the vulnerabilities already exploited include a "use after free" bug in V8, Chrome's JavaScript engine.

"Use after free" means that some code within V8 keeps using a block of memory after it has been released back to Chrome's memory allocator, creating an opportunity for a malicious process to seize that memory block and hack Chrome from the inside. The flaw was discovered by an anonymous researcher.

The other four flaws relate to Chrome's graphics rendering and software libraries. These flaws were not publicly disclosed until yesterday, but it is possible that some attackers may be aware of these issues and attempt to exploit them accordingly. Google does not plan to reveal the details of each for another 30 days.

Google has patched at least 12 flaws in Chrome this year that count as "zero-day."
