Just days after a major zero-day Chrome hack was revealed, Google has released Chrome 100 and it both breaks some websites and fixes numerous high-level security holes. Here is everything you need to know to stay safe.
A new zero-day high threat level hack has been found in Google Chrome
LIGHTROCKET VIA GETTY IMAGES
MORE FROM FORBESNew Edge, Firefox, Chrome ‘100’ Updates Will Break Some WebsitesBy Gordon Kelly
Google announced Chrome 100 on its official blog after a big build-up, which included a warning that it can stop some notable websites from working. Google also pointed out a minor change to the seven-year-old icon Chrome logo (images below). But the big news is the updated browser brings fixes for an eye-opening 28 new vulnerabilities.
Google classifies nine of these new hacks as carrying a ‘High’ threat level and warns users that all 28 vulnerabilities affect Chrome across Windows, macOS and Linux.
Sticking to security protocol, Google is restricting information about the exploits to buy time for Chrome users to upgrade. At the time of publication, all the company has revealed are the threat levels, the areas of attack and who discovered them. The nine high-level exploits are shown below:
High – CVE-2022-1125: Use after free in Portals. Reported by Khalil Zhani on 2022-01-29
High – CVE-2022-1127: Use after free in QR Code Generator. Reported by anonymous on 2022-01-28
High – CVE-2022-1128: Inappropriate implementation in Web Share API. Reported by Abdel Adim (@smaury92) Oisfi of Shielder on 2022-03-01
High – CVE-2022-1129: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2022-02-24
High – CVE-2022-1130: Insufficient validation of untrusted input in WebOTP. Reported by Sergey Toshin of Oversecurity Inc. on 2020-10-25
High – CVE-2022-1131: Use after free in Cast UI. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2022-02-15
High – CVE-2022-1132: Inappropriate implementation in Virtual Keyboard. Reported by Andr.Ess on 2022-03-07
High – CVE-2022-1133: Use after free in WebRTC. Reported by Anonymous on 2022-03-13
High – CVE-2022-1134: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2022-03-21
‘Use-After-Free’ (UAF) exploits continue to be the most successful path to hack Chrome. They comprise 13 of the 28 new vulnerabilities (4/9 High-threat exploits) and UAF attacks have now broken Chrome security 49x since the start of 2022.
To stay safe, update Chrome to its latest version (100.0.4896.60). If you are not prompted to update automatically, click the three dots in the top right corner of the browser and navigate to Settings> Help> About Google Chrome. This will force Chrome to check for updates. You must restart Chrome after updating to be protected.
Google Chrome version 100 has arrived with a lot of important security updates
Gordon Kelly
Google has already warned that the number of serious browser hacks is rising. So take no changes, update your browser right now.
___
Follow Gordon on Facebook
More On Forbes
Google Confirms Rise In Serious Chrome Attacks — And Why
Second Zero-Day Hack Hits Chrome In 2022
