Critical Security Alert for Google Chrome Users in 2022
Chapter 1: Urgent Caution for Chrome Users
Google Chrome users are advised to exercise extreme caution. Google has issued a major security alert, its first significant upgrade warning of 2022 for Chrome's roughly two billion users, following an unprecedented rise in attacks on the browser last year.
In a follow-up blog post, Google confirmed that the release fixes 37 security vulnerabilities. Ten of them are rated 'High' and one is rated 'Critical', the most severe category. Chrome on Linux, macOS, and Windows is affected in every case, so users on all three platforms should update immediately.
As usual, Google is withholding technical details of the bugs until most users have updated, so that the fix is in place before the details can be turned into exploits. It has, however, said where the most severe issues lie:
- Critical - CVE-2022-0096: Use after free in Storage. Reported by Yangkang (@dnpushme) on November 30, 2021.
- High Risk - CVE-2022-0097: Inappropriate implementation in DevTools. Reported by David Erceg on August 17, 2020.
- High Risk - CVE-2022-0098: Use after free in Screen Capture. Reported by @ginggilBesel on November 24, 2021.
- High Risk - CVE-2022-0099: Use after free in Sign-in. Reported by Rox on September 1, 2021.
- High Risk - CVE-2022-0100: Heap buffer overflow in Media streams API. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile, on August 10, 2021.
- High Risk - CVE-2022-0101: Heap buffer overflow in Bookmarks. Reported by raven (@raidakame) on September 14, 2021.
- High Risk - CVE-2022-0102: Type confusion in V8. Reported by Brendon Tiszka on October 14, 2021.
- High Risk - CVE-2022-0103: Use after free in SwiftShader. Reported by Abraruddin Khan and Omair on November 21, 2021.
- High Risk - CVE-2022-0104: Heap buffer overflow in ANGLE. Reported on November 25, 2021.
- High Risk - CVE-2022-0105: Use after free in PDF. Reported by Cassidy Kim on November 28, 2021.
- High Risk - CVE-2022-0106: Use after free in Autofill. Reported by Khalil Zhani on December 10, 2021.
These vulnerabilities follow a familiar pattern: use-after-free (UAF) bugs remain the most common class of exploitable flaw in Chrome, with roughly 50 of them patched since September. A UAF occurs when a program releases a block of memory but keeps a pointer to it and later reads or writes through that stale pointer. The allocator is free to hand the released block to the next allocation, so the stale access operates on whatever now lives there, which in a browser can be data an attacker placed deliberately.
Heap buffer overflows remain a significant concern as well. Sometimes called 'heap smashing', these bugs occur when code writes past the end of a heap-allocated buffer into the adjacent memory, where other objects' fields or the allocator's own bookkeeping are stored. Corrupting that neighbouring data can change what the program does next, which makes the bug class a prime target for attackers.
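The two memory-safety bug classes described above, as an added example that is not code from the original article or from Chromium: a deliberately tiny C model in which a four-slot pool allocator stands in for the real heap. The pool, the `session` object with its `is_admin` field, and the `ATTACK_INPUT` / `BENIGN_INPUT` byte strings are all constructed for this demo. `uaf_vulnerable` keeps a pointer after freeing the object and reads attacker bytes through it; `overflow_vulnerable` copies an unchecked length into one slot and clobbers the object in the next. The `_fixed` variants show the two standard corrections: clear the pointer at the point of free and fail closed, and check the length against the destination's capacity before copying.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a real heap: four contiguous 16-byte slots,
 * with freed slots handed out again first (the reuse behaviour that lets
 * a stale pointer land on freshly written data). Not Chrome's allocator. */
#define SLOT_SIZE  16
#define SLOT_COUNT 4
static uint8_t pool[SLOT_COUNT * SLOT_SIZE];
static int     in_use[SLOT_COUNT];

static uint8_t *pool_alloc(void) {
    for (int i = 0; i < SLOT_COUNT; i++)
        if (!in_use[i]) { in_use[i] = 1; return memset(pool + i * SLOT_SIZE, 0, SLOT_SIZE); }
    return NULL;                            /* pool exhausted */
}
static void pool_free(uint8_t *p) { in_use[(p - pool) / SLOT_SIZE] = 0; }
static void pool_reset(void) { memset(in_use, 0, sizeof in_use); memset(pool, 0, sizeof pool); }

/* A "session" object occupies one slot: bytes 0..11 hold a tag string,
 * bytes 12..15 an int32 is_admin flag that the rest of the program trusts. */
#define ADMIN_OFF 12
static void set_session(uint8_t *obj, const char *tag, int32_t is_admin) {
    memset(obj, 0, SLOT_SIZE);
    snprintf((char *)obj, ADMIN_OFF, "%s", tag);
    memcpy(obj + ADMIN_OFF, &is_admin, sizeof is_admin);
}
static int32_t get_admin(const uint8_t *obj) {
    int32_t v; memcpy(&v, obj + ADMIN_OFF, sizeof v); return v;
}

/* Use-after-free, vulnerable form: the session is freed but its pointer is
 * kept and dereferenced later. Returns 1 if the program now believes the
 * session is privileged. */
int uaf_vulnerable(void) {
    pool_reset();
    uint8_t *session = pool_alloc();
    set_session(session, "guest", 0);
    pool_free(session);                     /* released; `session` dangles */
    uint8_t *attacker = pool_alloc();       /* allocator returns the same slot */
    memset(attacker, 0xff, SLOT_SIZE);      /* attacker-controlled bytes */
    return get_admin(session) != 0;         /* stale read sees 0xffffffff -> 1 */
}

/* Hardened form: clear the pointer when the object dies and fail closed on
 * any later use, so no path reads through freed memory. */
int uaf_fixed(void) {
    pool_reset();
    uint8_t *session = pool_alloc();
    set_session(session, "guest", 0);
    pool_free(session);
    session = NULL;                         /* ownership ends here */
    uint8_t *attacker = pool_alloc();
    memset(attacker, 0xff, SLOT_SIZE);
    if (session == NULL) return 0;          /* dead object: deny, don't guess */
    return get_admin(session) != 0;
}

/* Constructed inputs for the overflow case: 32 bytes is twice a slot. */
static const char ATTACK_INPUT[] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
static const char BENIGN_INPUT[] = "hello";

/* Heap overflow, vulnerable form: `len` bytes are copied into a 16-byte slot
 * without checking `len` against SLOT_SIZE. The session sits in the next
 * slot, so an oversized copy rewrites its is_admin field. Returns 1 if set. */
int overflow_vulnerable(const uint8_t *input, size_t len) {
    pool_reset();
    uint8_t *buf     = pool_alloc();        /* slot 0: destination of the copy */
    uint8_t *session = pool_alloc();        /* slot 1: directly after it */
    set_session(session, "guest", 0);
    if (len > sizeof pool) return -1;       /* demo guard only: stays inside the arena */
    memcpy(buf, input, len);                /* 32 bytes overrun slot 0 into slot 1 */
    return get_admin(session) != 0;
}

/* Hardened form: compare the length with the destination's capacity first
 * and reject input that does not fit (-1) instead of copying it. */
int overflow_fixed(const uint8_t *input, size_t len) {
    pool_reset();
    uint8_t *buf     = pool_alloc();
    uint8_t *session = pool_alloc();
    set_session(session, "guest", 0);
    if (len > SLOT_SIZE) return -1;
    memcpy(buf, input, len);
    return get_admin(session) != 0;
}

int main(void) {
    size_t n = sizeof ATTACK_INPUT - 1;
    printf("use-after-free: vulnerable=%d fixed=%d\n", uaf_vulnerable(), uaf_fixed());
    printf("heap overflow:  vulnerable=%d fixed=%d (benign input: %d)\n",
           overflow_vulnerable((const uint8_t *)ATTACK_INPUT, n),
           overflow_fixed((const uint8_t *)ATTACK_INPUT, n),
           overflow_fixed((const uint8_t *)BENIGN_INPUT, sizeof BENIGN_INPUT - 1));
    return 0;
}
```

The pool makes the outcome deterministic, which a real allocator does not guarantee; in production the same two bugs behave the same way, only less predictably, which is why Chrome's fixes for this class tend to be lifetime and bounds changes rather than anything visible to the user. Note that `uaf_fixed` nulls the pointer at the single point where ownership ends; in a real code base with several holders of the same pointer that discipline alone is not enough, and Chromium relies on smart pointers and MiraclePtr-style quarantining for the rest.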
Possible Remediations:
In response, Google has shipped Chrome 97, the update that fixes these vulnerabilities. The patched build is version 97.0.4692.71. It is being rolled out in stages over the coming days and weeks, so some users will not be offered it immediately.
To check whether your browser is patched, open the Chrome menu (⋮) > Help > About Google Chrome (also reachable from Settings > About Chrome). Opening that page triggers an update check. If the version shown is 97.0.4692.71 or higher, you have the fixes. If the update isn't offered yet, check again regularly. Remember that after the update downloads you must relaunch the browser for the new version to take effect; the About page prompts for this with a Relaunch button, and many users skip that step and keep running the old, vulnerable binary.
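The same check for a fleet rather than a single machine, as an added example that is not from the article or from Google: a small C program that extracts the version quadruple from whatever `google-chrome --version` prints and compares it component by component against 97.0.4692.71. The sample banners in `main` are constructed, and the function names `parse_chrome_version`, `version_cmp` and `chrome_is_patched` are this example's own.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The first build that carries the fixes, taken from the article. */
static const char *MIN_CHROME_VERSION = "97.0.4692.71";

/* Pull a MAJOR.MINOR.BUILD.PATCH quadruple out of `text`, which may be a
 * bare version or a full banner such as "Google Chrome 97.0.4692.71 ".
 * Returns 1 and fills `out` on success, 0 if no quadruple is present
 * (`out` may then hold a partial parse and must not be used). */
int parse_chrome_version(const char *text, long out[4]) {
    for (const char *p = text; *p; p++) {
        /* a candidate starts at a digit that is not the tail of an earlier number */
        if (!isdigit((unsigned char)*p) ||
            (p > text && (isdigit((unsigned char)p[-1]) || p[-1] == '.')))
            continue;
        const char *q = p;
        int n = 0;
        while (n < 4) {
            if (!isdigit((unsigned char)*q)) break;   /* e.g. "97.." or "97.-1" */
            char *end;
            out[n++] = strtol(q, &end, 10);
            if (n == 4 || *end != '.') break;
            q = end + 1;
        }
        if (n == 4) return 1;
    }
    return 0;
}

/* Component-wise numeric comparison: -1, 0 or 1 as a <, ==, > b. */
int version_cmp(const long a[4], const long b[4]) {
    for (int i = 0; i < 4; i++)
        if (a[i] != b[i]) return a[i] < b[i] ? -1 : 1;
    return 0;
}

/* 1 = at or above the patched build, 0 = older (vulnerable), -1 = no version
 * found. Numeric comparison matters: a plain strcmp would rank "97.0.4692.9"
 * above "97.0.4692.71" because '9' sorts after '7'. */
int chrome_is_patched(const char *version_output) {
    long have[4], need[4];
    if (!parse_chrome_version(version_output, have)) return -1;
    parse_chrome_version(MIN_CHROME_VERSION, need);
    return version_cmp(have, need) >= 0;
}

int main(void) {
    /* Constructed banners standing in for `google-chrome --version` output. */
    const char *samples[] = { "Google Chrome 97.0.4692.71 ", "Google Chrome 96.0.4664.110",
                              "97.0.4692.9", "Chromium 98.0.4758.80", "no version here" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int r = chrome_is_patched(samples[i]);
        printf("%-30s -> %s\n", samples[i],
               r == 1 ? "patched" : r == 0 ? "VULNERABLE: update and relaunch" : "unparseable");
    }
    return 0;
}
```

On Linux the banner comes from `google-chrome --version`; on macOS from the binary inside `/Applications/Google Chrome.app/Contents/MacOS/`; on Windows the installed version is also recorded in the registry under `HKCU\Software\Google\Chrome\BLBeacon` (value `version`). Two caveats apply to any such inventory: the installed version only protects you if the running process is that version, so a reported 97.0.4692.71 with Chrome open since before the update still needs the relaunch described above; and a version at or above this build only means these eleven bugs are fixed, not that the browser is current for later advisories.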
This video titled "High risk warning for Google Chrome Users" discusses the recent security threats and the importance of staying updated.
Chapter 2: The Escalating Threat Landscape
As we step into the new year, the situation may appear grim. The frequency and sophistication of attacks have escalated alarmingly.
In this video titled "I didn't think the Google Chrome situation could get worse...", the presenter elaborates on the ongoing vulnerabilities and what users can do to protect themselves.