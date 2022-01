The Chrome team is pleased to announce the promotion of Chrome 97 to stable channels on Windows, Mac and Linux. It will be rolled out over the next few days or weeks.

Chrome 97.0.4692.71 contains some fixes and improvements. The list of changes can be found in the log. Keep an eye out for future Chrome and Chromium blog posts about the new features and major initiatives offered in 1997.

Security fixes and rewards

Note: Bug details and access to links may remain restricted until the majority of users are updated with the fix. It also retains the limit if there is a bug in a third-party library that other projects depend on as well but have not yet been fixed.

This update contains 37 security fixes. The following highlights the modifications provided by outside researchers. See the Chrome security page for more information.

[$TBD][1275020] Important CVE-2022-0096: Used after freed in storage. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-11-30

[$10000][1117173] High CVE-2022-0097: Improper implementation in DevTools. Reported by David Erceg on 2020-08-17

[$10000][1273609] High CVE-2022-0098: Used after being released by screen capture. Reported by @ginggilBesel on 2021-11-24

[$5000][1245629] High CVE-2022-0099: Used after being released by sign-in. Reported by Rox on 2021-09-01

[$TBD][1238209] High CVE-2022-0100: Media Stream API heap buffer overflow. OPPO Mobile Telecommunications Corp. Ltd. on 2021-08-10.Reported by Cassidy Kim of Amber Security Lab

[$TBD][1249426] High CVE-2022-0101: Bookmark heap buffer overflow. Reported by Raven (@raid_akame) on 2021-09-14

[$TBD][1260129] High CVE-2022-0102: Type confusion in V8. Reported by Brendon Tiszka on 2021-10-14

[$TBD][1272266] High CVE-2022-0103: Used after being released by SwiftShader. Reported by Abraluddin Khan and Omair on 2021-11-21

[$TBD][1273661] High CVE-2022-0104: ANGLE heap buffer overflow. Reported by Abraluddin Khan and Omair on 2021-11-25

[$TBD][1274376] High CVE-2022-0105: After using for free in PDF. OPPO Mobile Telecommunications Corp. Ltd. on 2021-11-28.Reported by Cassidy Kim of Amber Security Lab

[$TBD][1278960] High CVE-2022-0106: Used after being released by autofill. Reported by Khalil Zhani on 2021-12-10

[$10000][1248438] Medium CVE-2022-0107: Used after release by File Manager API. Reported by raven (@raid_akame) on 2021-09-10

[$5000][1248444] Medium CVE-2022-0108: Improper implementation in navigation. Reported by Luan Herrera (@lbherrera_) on 2021-09-10

[$4000][1261689] Medium CVE-2022-0109: Improper implementation with autofill. Reported by Young Min Kim (@ylemkimon) of CompSec Lab, Seoul National University on 2021-10-20

[$3000][1237310] Medium CVE-2022-0110: The autofill security UI is incorrect. Reported by Alesandro Ortiz on 2021-08-06

[$3000][1241188] Medium CVE-2022-0111: Improper implementation in navigation. Reported by garygreen on 2021-08-18

[$3000][1255713] Medium CVE-2022-0112: The security UI of the browser UI is incorrect. Reported by Thomas Orlita on 2021-10-04

[$1000][1039885] Medium CVE-2022-0113: Improper implementation in Blink. Reported by Luan Herrera (@lbherrera_) on 2020-01-07

[$TBD][1267627] Medium CVE-2022-0114: Memory access outside the range of Web serial. Reported by Looben Yang on 2021-11-06

[$NA][1268903] Medium CVE-2022-0115: Uninitialized use in the File API. Reported by Mark Brand of Google Project Zero on 2021-11-10

[$TBD][1272250] Medium CVE-2022-0116: Improper implementation in synthesis. Reported by Irvan Kurniawan (sourc7) on 2021-11-20

[$TBD][1115847] Low CVE-2022-0117: Service Worker policy bypass. Reported by Dongsung Kim (@ kid1ng) on ​​2020-08-13

[$TBD][1238631] Low CVE-2022-0118: Improper implementation in WebShare. Reported by Alesandro Ortiz on 2021-08-11

[$TBD][1262953] Low CVE-2022-0120: Improper implementation of passwords. Reported by CHAKRAVARTHI (Ruler96) on 2021-10-25

We would also like to thank all the security researchers who helped us during the development cycle to prevent security bugs from reaching stable channels. As always, ongoing internal security work was responsible for various fixes.

Many security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Interested in switching release channels? See how to do it here. If you find a new issue, please report the bug and let us know. The Community Help Forum is also a great place to ask for help and learn about common issues.

Prudhvikumar Bommana Google Chrome

Sources 1/ https://Google.com/ 2/ https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html

