Chrome has 3.2 billion users worldwide and now every single one of them needs to act because Google has confirmed multiple new hacks of its browser. Here is everything you need to know to stay safe.

Google released the news on its official blog, confirming 11 successful Chrome hacks have been discovered, nine of which it says pose a ‘High’ threat level. The hacks affect Chrome running on every major platform, including Windows, Mac and Linux.

As for the hacks themselves, they remain top secret with Google warning that “Access to bug details and links may be kept restricted until a majority of users are updated with a fix.” In short, Google is buying users time to protect themselves. Consequently, all we know right now are the threat levels, trackers, areas of exploitation and source:

  • High – CVE-2022-1305: Use after free in storage. Reported by Anonymous on 2022-01-07
  • High – CVE-2022-1306: Inappropriate implementation in compositing. Reported by Sven Dysthe on 2022-02-21
  • High – CVE-2022-1307: Inappropriate implementation in full screen. Reported by Irvan Kurniawan (sourc7) on 2022-03-01
  • High – CVE-2022-1308: Use after free in BFCache. Reported by Samet Bekmezci @sametbekmezci on 2021-12-28
  • High – CVE-2022-1309: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-07-17
  • High – CVE-2022-1310: Use after free in regular expressions. Reported by Brendon Tiszka on 2022-03-18
  • High – CVE-2022-1311: Use after free in Chrome OS shell. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-03-28
  • High – CVE-2022-1312: Use after free in storage. Reported by Leecraso and Guang Gong of 360 Vulnerability Research Institute on 2022-03-30
  • Medium  CVE-2022-1313: Use after free in tab groups. Reported by Thomas Orlita on 2021-11-16
  • Medium  CVE-2022-1314: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-03-09

Following several high-profile V8 attacks, ‘Use-After-Free’ (UAF) exploits once again dominate the Chrome threats and have now cracked Chrome security approximately 55x in 2022. Moreover, successful Chrome attacks are increasing in frequency — something Google acknowledges but also defends.

To defend against the latest hacks, Google released Chrome 100.0.4896.88. Google warns it will not be made available to everyone all at once but will instead “roll out over the coming days/weeks.” To manually check for the update, click the three dots in the top right corner of the browser and navigate to Settings > Help > About Google Chrome.

For the full Google article, please visit – https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html

 

Contact Us

If you would like to put your social media requirements in the hands of a company that will take it forward, please contact Footprint Digital on Tel. No. 01883 372488 today.

Currently Browsing: Is Your Chrome Browser Up To Date?