Google has announced an update to their Chrome browser that fixes 37 security vulnerabilities for the first major update of 2022. 24 of these vulnerabilities were uncovered by external researchers, including the Google Project Zero initiative, while the other 13 were uncovered by Google as part of its ongoing internal security work.
Of the 24 vulnerabilities discovered by external researchers, one is rated as Critical, 20 are rated as either High or Medium, and three are rated as Low. The Critical vulnerability, tracked as CVE-2022-0096, is a use-after-free bug in the Storage component, which could lead to execution of malicious code on a vulnerable system. The other vulnerabilities include further use-after-free bugs in different components, heap buffer overflows, and type confusion.
Google has released Chrome version 97.0.4692.71 to address all of the vulnerabilities, across Windows, Mac, and Linux versions of the software.
Analyst Notes
It is recommended to update to Chrome version 97.0.4692.71 as soon as possible. Google Chrome normally updates automatically in the background when the browser is closed and re-opened, so it is recommended to regularly close Chrome to allow updates to occur on devices that may stay powered on for long periods of time. Alternatively, Google Chrome can be updated manually on computers by going into Settings, About Google Chrome, and then clicking Update Google Chrome. On mobile devices, Google Chrome can be updated via the Play Store app or App Store for Android or iOS devices, respectively.
https://thehackernews.com/2022/01/google-releases-new-chrome-update-to.html
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html
