Google recently released Chrome 93. Along with its unveiling came the announcement that the latest update fixed a series of serious flaws.
According to Google’s blog post announcing Chrome 93, the latest version of the web browser fixed 27 security flaws, and five of those flaws carried a “high” risk ranking. As usual, Google kept the details minimal to avoid alerting hackers of what the flaws entailed, but the five biggest ones were use after free (UAF) vulnerabilities.
The five high-risk use after free flaws were CVE-2021-30606: use after free in Blink; CVE-2021-30607: Use after free in Permissions; CVE-2021-30608: Use after free in Web Share; CVE-2021-30609: Use after free in Sign-In; and CVE-2021-30610: Use after free in Extensions API.
UAF flaws indicate incorrect dynamic memory use during program operation. If the program fails to clear the memory pointer after it’s free, a threat actor can exploit the program. It’s unclear what cyber attacks a hacker could pull off in these cases, but the high-risk rating likely means there were potential serious consequences.
Chrome has had its share of security issues lately, including four high-risk UAF flaws in August and eight zero-day exploits in 2021 alone.
RELATED RESOURCE
Challenging the rules of security
Protecting data and simplifying IT management with Chrome OS
How do you know if your Chrome version is affected by these flaws? Open Chrome and head to Settings > Help > About Google Chrome. If your browser indicates you have Chrome version 93.0.4577.63 or above, you’re in good shape. If you have an older version, Chrome will immediately recommend you update and restart your browser.
Despite flaws, Chrome remains the market leader in web browsers, with well over 2 billion users. And there’s no sign it’ll slow down anytime soon. Plus, flaws and all, Chrome still remains high on the most secure web browsers list.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Open source security in the spotlight as UK gov publishes fresh guidanceNews The UK government has issued guidance on how organizations should manage their use of open source software components and mitigate supply chain risks.
-
86% of enterprise codebases contain open source vulnerabilitiesNews Research from Black Duck’s annual open source security report found 86% of codebases contained open source vulnerabilities.
-
Flaws in a popular dev library could let hackers run malicious code in your MongoDB databaseNews A popular third party library of MongoDB could allow attackers to execute malicious code on company servers.
-
Microsoft defends “negligent” security approach that prolonged vulnerability fix for five monthsNews The tech giant has refuted claims that its practices have left customers “in the dark”
-
Spanish spyware outfit uncovered, develops exploits for Windows, Chrome, and FirefoxNews Google was only able to discover the company after an anonymous submission was made to its Chrome bug reporting programme
-
Google adds new security vendor plugins for Chrome, improved Chrome OS policy controls for IT adminsNews New integrations across various security pillars aim to improve Chrome OS and Chrome browser security for enterprise customers
-
Google patches second Chrome browser zero-day of 2022
News Google acted quickly to secure against the type confusion vulnerability that was under active exploitation
-
Acer Chromebook Spin 513 review: Cheap and mostly cheerfulReviews An affordable Chromebook convertible with good looks but mediocre performance
