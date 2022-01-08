



01/07 Updated below.This post was originally published on January 5th

Google Chrome users need to be careful. After a record number of attacks last year, Google has already issued the first serious new upgrade warning for 2022 to 2 billion users in all browsers.

37 new vulnerabilities discovered in Google Chrome

More Information from Forbes, Light Rocket via Getty Images Microsoft Launches Privacy, Security, Trust Attacks on Chrome Browser By Gordon Kelly

Google confirmed the news in a new blog post, revealing that 37 stunning security vulnerabilities have been discovered. Google has classified 10 of these vulnerabilities as high threat levels with further hacking, which are ranked as extremely dangerous. Linux, macOS, and Windows users are all affected and need immediate attention.

01/05 Update: Google may have pushed a major new version of Chrome to counter these threats, but the update isn’t working well on all platforms. Chrome users of iOS, discovered by 9to5Google, report that the new version is completely unavailable. According to fast-growing reports on both Reddit and the Google Chrome Help Forum, the browser freezes within seconds of opening it, and restarting and reinstalling does not fix the browser.

9to5Google was also able to reproduce the issue and confirmed that it only happened after Chrome was updated to version 97. This is a version released by Google on all platforms, including Windows, macOS, and Linux, but it’s primarily affected by iPhone owners. .. Some users have found that clearing the browser cache can solve the problem, but in most cases the browser freezes too fast to open the settings and make this change. We expect Google to issue an urgent fix, but until then, iPhone owners are advised to avoid Chrome 97 satisfactorily.

Google is currently limiting information about all new attacks to buy time for Chrome users, but reveals areas targeted by these top threats.

Important-CVE-2022-0096: Used after freed in storage. 2021-11-30 High 360 ATA Report by Yangkang (@dnpushme)-CVE-2022-0097: Improper implementation in DevTools. 2020-08-17 High Report by David Erceg-CVE-2022-0098: Used after being released in a screen capture. 2021-11-24 High Report by @ginggilBesel-CVE-2022-0099: Used after being released by sign-in. Rox reported on 2021-09-01 High-CVE-2022-0100: Media Stream API heap buffer overflow. OPPO Mobile Telecommunications Corp. Ltd. Cassidy Kim of Amber Security Lab in Amber Security Lab reported on 2021-08-10. High-CVE-2022-0101: Bookmark heap buffer overflow. 2021-09-14 High-CVE-2022-0102: Type confusion in V8 was reported by raven (@raid_akame). Report 2021-10-14 High by Brendon Tiszka-CVE-2022-0103: Used after being released by SwiftShader. Reported by Abraddin Khan and Omair at 2021-11-21 High-CVE-2022-0104: Heap buffer overflow on ANGLE. Reported by Abraddin Khan and Omair at 2021-11-25 High-CVE-2022-0105: Use for free in PDF. OPPO Mobile Telecommunications Corp. Ltd. Cassidy Kim from Amber Security Lab reports to 2021-11-28 High-CVE-2022-0106: Free to use with autofill. Reported by Khalil Zhani on 2021-12-10

It may be the New Year, but these threats follow familiar patterns. Use-After-Free (UAF) exploits have been the preferred route of attacks against Chrome for the past few months and are once again the majority of exploits. Since September, nearly 50 UAF vulnerabilities have been discovered in Chrome. A UAF vulnerability is a memory exploit that occurs when a pointer to memory cannot be cleared after a program has been released.

Heap buffer overflow flaws are still a popular attack route. Memory on the heap, also known as heap smashing, is dynamically allocated and usually contains program data. Overflows can overwrite critical data structures, making them an ideal target for hackers.

What to do

In response to these threats, Google has released a major new version of Chrome, Chrome 97, to all users. Google warns that this release (exact version number 97.0.4692.71) will be rolled out over the next few days / weeks. This means that you may not be able to protect yourself immediately.

Google Chrome must be restarted after the update before it can be protected.

Gordon Kelly

To check if it is protected[設定]>[ヘルプ]>[GoogleChromeについて]Go to. If your Chrome browser says 97.0.4692.71 or later, it’s safe. If updates are not yet available in your browser, it is important to check for new versions on a regular basis. Also, keep in mind that it is important to restart your browser after the update as it will not be protected until you update. What many users have forgotten.

Browser hacks broke the record in 2021 and are fully hoping that they will be destroyed again in 2022. So start the new year with good deeds and then check your browser version. Do it now.

