Date: 2022-12-14



Microsoft wasn’t the only one to distribute security updates this week. Google has been busy on that front as well. In addition to fixing Mojo, Google also secured Aura. And if that’s not enough, a few Blink fixes were thrown in for good measure.

No, I didn’t get into the festive spirit early on. We’re talking about the latest Google Chrome security updates for Windows, Mac, Linux, and Android users.

Patch Tuesday extends beyond the world of Microsoft products

This week is Patch Tuesday week. This usually means that many vendors release security updates for their products at the same time and for the same reason. Microsoft, Adobe, Oracle, and others all release security patches on the second Tuesday of each month, giving organizations time to organize their patching schedules. Tuesday was chosen so that not only would we know well in advance when these large batches of updates would drop, but also that any issues would be apparent by the end of the week. security updates frequently, and December was no exception.

Windows, macOS and Linux users will notice an update to Google Chrome version 108.0.5359.124 (some Windows users may see it as version 108.0.5359.125) reaching the desktop version in the coming days and weeks.

Google Chrome Mojo, Aura and Blink in the security spotlight

There were a total of eight security issues addressed, five of which have brief details. Four of these are high-severity vulnerabilities, so we’ll focus on them. As is standard with Google, no detailed technical description of the vulnerabilities has been made public at this time. This is to allow the vast majority of Google Chrome users to update first, leaving potential attackers behind. We sort these into three categories: Mojo, Aura, and Blink.

Google Chrome Mojo security update

CVE-2022-4437 is where the Mojo fix for Google Chrome comes in. What is Mojo, you might be wondering. Sadly, it’s not as exciting as the dictionary definition of the word suggests. There are no magic spells involved here and nothing to do with sex appeal. Rather, the Mojo in question is a collection of runtime libraries. It may not be exciting, but it’s such an important part of the world of Chrome code that any vulnerability should be taken seriously. Google paid security researchers koocola and Guang Gong of 360 Vulnerability Research Institute $6,000 for disclosing this use-after-free vulnerability in Chrome’s Mojo interprocess communication (IPC).

Google Chrome Aura Security Update

CVE-2022-4439 is another use-after-free vulnerability, also rated high severity, but this time within Aura in Google Chrome. Sorry to disappoint you again, but there are no parapsychological connections here, just rather boring technical stuff. According to the Google Chromium User Interface Platform documentation, Aura “abstracts the Window Manager from Chromium on Windows, Linux, and Chrome OS.” This vulnerability was reported by a security researcher who requested anonymity, and a bounty payment has not yet been determined in this case.

Google Chrome Blink Security Update

Blink is an open source browser layout and rendering engine, developed by Google and many other notable contributors. CVE-2022-4436 is a Blink Media vulnerability and CVE-2022-4438 is a Blink Frames vulnerability. Both were disclosed by an anonymous researcher; the first bounty was $7,000 and the second was $1,500.

Google Chrome updates automatically for most users, but this is not the case for everyone. In particular, users who leave a large number of tabs open and rarely restart their browsers are at risk of remaining unpatched against these latest vulnerabilities. Therefore, it is recommended to force the update. This should only take a minute or two at most.

Go to the Help | About Google Chrome option in the Google Chrome menu. If an update is available, the download will start automatically. It may take several days for the update to reach everyone. If you haven’t seen it yet, please be patient. Also, don’t forget to restart your browser after installing updates. The update will not take effect without a restart, leaving you vulnerable to attack.

Make sure your Chrome browser is patched and has updates enabled

Other web browsers that use the Chromium engine will also need an update, so we should see these on Edge, Brave, Opera, and others in the near future.

Security updates for Chrome for Android

Chrome for Android has been updated to version 108.0.5359.128. This will take a few days to become available to users on Google Play. Google’s Chrome program manager Krishna Govind confirmed that it contains “the same security fixes as the corresponding desktop release unless otherwise stated.”
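
For anyone checking more than one machine, the version floors and the restart caveat above can be turned into a small audit. This is an added example, not code from Google or the article's author; the host names, inventory rows and the separate "running version" field are constructed assumptions.

```python
import re

# Fixed builds named in the article (other Chromium browsers number differently).
PATCHED = {
    "windows": (108, 0, 5359, 124),
    "mac": (108, 0, 5359, 124),
    "linux": (108, 0, 5359, 124),
    "android": (108, 0, 5359, 128),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the four-part version in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def patch_status(platform, installed, running=None):
    """Return 'patched', 'restart-pending', 'unpatched' or 'unknown'."""
    floor = PATCHED.get(platform.lower())
    inst = parse_version(installed)
    if floor is None or inst is None:
        return "unknown"
    # Integer tuples compare numerically: .98 < .124 (string compare gets it wrong).
    if inst < floor:
        return "unpatched"
    run = parse_version(running) if running else inst
    if run is None:
        return "unknown"
    # New build on disk but the old one still executing: not yet protected.
    return "patched" if run >= floor else "restart-pending"


# Constructed inventory rows: (host, platform, installed, running)
INVENTORY = [
    ("ws-01", "windows", "Google Chrome 108.0.5359.125", "108.0.5359.125"),
    ("ws-02", "windows", "Google Chrome 108.0.5359.124", "108.0.5359.98"),
    ("mb-03", "mac", "Google Chrome 108.0.5359.98", "108.0.5359.98"),
    ("ph-04", "android", "Chrome 108.0.5359.124", None),
]


def audit(rows):
    return {host: patch_status(p, inst, run) for host, p, inst, run in rows}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

The "restart-pending" result is the case the article warns about: the fixed build has been downloaded, but the browser session still open is the old one.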

