Google has once again updated the desktop version of its Chrome browser for Windows, Mac, and Linux, raising the version number to 90.0.4430.93 and fixing nine security flaws.
Unlike other Chrome security updates in the past two months, this time there are no patches for "zero-day" flaws that have been actively attacked by hackers. However, it is best to update your Chrome browser now, as the bad guys can often figure out what the vulnerabilities are by analyzing code changes.
On either Mac or Windows, simply click on the three vertical dots in the upper right corner of the browser window, scroll down to highlight "Help," and click "About Google Chrome" from the menu that appears.
A new tab will open, indicating that your Chrome build is up to date or a newer version will be downloaded.
Linux users generally need to wait until their chosen distribution pushes the Chrome update along with other normal software updates.
Since Chrome shares infrastructure with Brave, Microsoft Edge, Opera, Vivaldi, and others, these browsers will eventually need to be updated as well.
In Brave and Edge, click the settings icon in the upper right corner and scroll down to find "About"; in Opera and Vivaldi, click the browser logo in the upper left corner.
However, as of this writing Wednesday afternoon (April 28), only Brave has been updated to version 90.0.4430.93, the same as Chrome.
Opera was still based on Chromium 90.0.4430.85, and Vivaldi was based on Chromium 89.0.4389.128. Edge uses a slightly different version number, but if you type "edge:// version", which indicates that the current version is based on Chromium 90.0.4430.85.
One of the most serious flaws fixed in the new version of Chrome is a problem with the V8 JavaScript engine.
Like these flaws, this new flaw is harmless unless the browser's "sandbox" is turned off, in which case it could be used to hijack a computer's operating system.
Singular Security Lab researcher Gengming Liu disclosed the flaw to Google on April 15 and plans to collect a $15,000 "bug bounty" for his discovery.
Most Chromium-based browsers have sandboxing turned on by default. However, desktop applications that use Chromium, such as Slack, Discord, Spotify, Bitwarden, WhatsApp, Twitch, Microsoft Teams, and Skype, may have the sandbox turned off. Therefore, be careful updating these applications.
Two other highly critical flaws discovered by outside researchers (Google is awaiting disclosure of flaws discovered internally) are the use-after-free memory vulnerability in Dev Tools discovered by Microsoft researchers and the ANGLE graphics engine heap buffer overflow (also a memory issue). Details of these flaws have not yet been made public.
By our count, this is the eighth Chrome for desktop security update in the past two months and the fourth in the past two weeks; the Chrome/Chromium developers have certainly been busy. Their efforts have made the browser very secure to use.
Here is a list of the latest updates to Chrome/Chromium.
Comments