Xopus

Main Menu

  • Schemas
  • CSS
  • Chrome
  • Firefox
  • Fund

Xopus

Header Banner

Xopus

  • Schemas
  • CSS
  • Chrome
  • Firefox
  • Fund
Chrome
Home›Chrome›Google issues warning to millions of Chrome users

Google issues warning to millions of Chrome users

By Warren B. Obrien
March 2, 2022
0
0

Chrome users, you need to be vigilant. Google has issued a new warning to its nearly three billion Chrome users worldwide confirming new “high” level attacks on its browser. This is what you need to know to stay safe.

A new zero-day high threat level hack has been found in Google Chrome


LIGHTROCKET VIA GETTY IMAGES

MORE FORBESNew Edge, Firefox and Chrome ‘100’ updates will break some websitesBy Gordon Kelly

Google announced the news in an official blog post, revealing that a total of 28 successful Chrome hacks have been discovered, nine of which are considered “high” level threats. The 28 attacks affect Chrome on all major platforms: Windows, Mac and Linux.

What are the new Chrome hacks?

To protect users and give them time to upgrade, Google currently restricts information about new exploits. Therefore, Google only provided broad categories of locations where successful attacks were carried out:

  • High – CVE-2022-0789: Heap buffer overflow in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-01-21
  • High – CVE-2022-0790: Use after release in Cast UI. Posted by Anonymous on 2021-11-26
  • High – CVE-2022-0791: use after free in Omnibox. Reported by Zhihua Yao of KunLun Lab on 2021-12-09
  • High – CVE-2022-0792: Reading out of bounds in ANGLE. Reported by Jaehun Jeong(@n3sk) from Theori on 01/11/2022
  • High – CVE-2022-0793: use after release in views. Reported by Thomas Orlita on 2022-01-28
  • High – CVE-2022-0794: use after free in WebShare. Reported by Khalil Zhani on 2022-02-04
  • High – CVE-2022-0795: Type confusion in blinking layout. Reported by 0x74960 on 2021-12-27
  • High – CVE-2022-0796: post-release usage in media. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. ltd. on 2022-02-10
  • High – CVE-2022-0797: Memory access out of bounds in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-12-21

Continuing a long-established pattern, hackers get the most fun with “Use-After-Free” (UAF) exploits. The five successful high profile attacks here bring the total number of Chrome UAF hacks to 31 since the start of 2022. UAF vulnerabilities are memory exploits created when a program fails to clear the pointer to memory after it is freed .

Interestingly, there is only one high level buffer overflow attack. This was the second most important avenue of attack. Also known as “Heap Smashing”, heap memory is dynamically allocated and usually contains program data. With an overflow, critical data structures can be overwritten, making it an ideal target for hackers.

The good news in the latest hacks is that there are no Zero-Day vulnerabilities. Zero-day attacks occur when hackers create a successful exploit before the business can respond and are the most dangerous type of security exploit. In this case, Google found fixes before they became public knowledge, but Chrome users still need to act quickly.

Update Chrome – What you need to do

To combat new threats, Google announced Chrome 99.0.4844.51. Google says the release “will be rolling out over the next few days/weeks” so not everyone can protect themselves immediately.

The new critical Google Chrome browser update is not yet available to me


Gordon Kelly

To check if your browser is protected, go to Settings > Help > About Google Chrome and check if your browser version is listed as 99.0.4844.51 or higher. If the update is not yet available for your browser, check back regularly.

Critical step: after the update, Chrome must be restarted for the fixes to take effect. With 3.2 billion Chrome users worldwide, even a small number of users forgetting this step can leave millions of systems vulnerable and a prime target for hackers. Go update, right now.

___

Follow Gordon on Facebook

Learn more about Forbes

Google Confirms First Zero-Day Chrome Browser Hack of 2022

Google Scraps Flawed Chrome Browser’s New Tracking System

Related posts:

  1. New Chromebook Perk Gives 50% Off Stadia Premiere Edition Bundle in UK
  2. 7 compelling Google Chrome 90 features that improve your browsing
  3. Top 10 best space pens with chrome clips 2021 – Bestgamingpro
  4. Google Chrome will soon load pages faster on Windows, Linux and macOS
Tagsgoogle chrome

Recent Posts

  • Google Chrome adds virtual credit card numbers to protect your real ones – TechCrunch
  • How to take screenshots using the built-in screenshot tool in Mozilla Firefox on Windows 11 2022
  • Three Bard Faculty Pen Reviews for Artforum May 2022 Edition
  • 10 CSS background templates you can use on your website
  • Automotive Chromium Market Size and Overview 2022-2030 | Key Players – HELLA KGaA Hueck, Thule Group AB, Lund International, Covercraft Industries, Pep Boys – Manny

Archives

  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021

Categories

  • Chrome
  • CSS
  • Firefox
  • Fund
  • Schemas
  • Terms and Conditions
  • Privacy Policy