Google warns users against critical and high threat flaws found in Chrome
Google is no stranger to cyberattacks. Now, the tech company has again issued an urgent warning to its Chrome users because of newly found vulnerabilities.
The warning comes just weeks after the previous urgent update was issued. The tech company has just found 26 new vulnerabilities in the system.
And get this, 15 of these flaws pose a ‘High’ threat level to its estimated two billion Chrome users. Meanwhile, one is classified as a ‘Critical’ threat.
‘Critical’ and ‘high’ flaws threaten Chrome users
Chrome has an estimated two billion active users worldwide. Google published a blog post on January 19, in which the company detailed the newly discovered vulnerabilities.
The company disclosed a total of 26 threats, 15 of which are labeled as “high risk.” Users who have not updated their operating systems are very likely at greater risk.
It is said that Linux, macOS, and Windows users are the most at risk. Additionally, these users are encouraged to update their Chrome browsers to the latest version as soon as possible.
Google released its last update on January 4, in which 38 vulnerabilities were found. Eleven of those were found to be “high risk” by the tech company, while one was critically dangerous.
Previously, Google would share details of the threats as well as their solutions. But with regard to the latest vulnerabilities discovered, the tech company is mum when it comes to explanations.
Google has restricted information about the cyberattacks to allow time for users to update their Chrome browsers before cybercriminals can take advantage of the vulnerabilities.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” says Google in a blog posted last January 19.
According to Forbes, many of the vulnerabilities listed are ‘Use-After-Free’ (UAF). These vulnerabilities arise when a program does not clear the pointer to a block of memory after that memory is freed, and then goes on to use the stale pointer.
UAF exploits are very popular amongst Google hackers, as many of the previous threats have been pretty similar.
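As an added illustration of the use-after-free class described above (not code from Chrome or from Google's advisory), the C sketch below goes one step past "clear the pointer": clearing one pointer does not help when copies of it exist, so objects are reached through generation-tagged handles that go stale on free. The names `obj_new`, `obj_get`, `obj_free` and the slot table are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example: callers hold handles, never raw pointers. */
#define SLOTS 4
typedef struct { uint32_t gen; int live; char *buf; } slot_t;
typedef struct { uint32_t idx, gen; } handle_t;
static slot_t table[SLOTS];

/* Allocate a copy of text; idx == SLOTS in the result means failure. */
handle_t obj_new(const char *text) {
    handle_t h = { SLOTS, 0 };
    for (uint32_t i = 0; i < SLOTS; i++) {
        if (table[i].live) continue;
        size_t n = strlen(text) + 1;
        table[i].buf = malloc(n);
        if (!table[i].buf) return h;
        memcpy(table[i].buf, text, n);
        table[i].live = 1;
        h.idx = i;
        h.gen = table[i].gen;
        return h;
    }
    return h;
}

/* Resolve a handle; NULL if out of range, freed, or from an old generation. */
const char *obj_get(handle_t h) {
    if (h.idx >= SLOTS) return NULL;
    slot_t *s = &table[h.idx];
    return (s->live && s->gen == h.gen) ? s->buf : NULL;
}

/* Free the object, clear the stored pointer and bump the generation, so
   every outstanding copy of the handle is rejected. Returns 0 on success. */
int obj_free(handle_t h) {
    if (!obj_get(h)) return -1;   /* stale handle: also blocks double free */
    slot_t *s = &table[h.idx];
    free(s->buf);
    s->buf = NULL;
    s->live = 0;
    s->gen++;
    return 0;
}
```

A copy of a handle taken before `obj_free` resolves to NULL afterwards, even when the slot has been reused for a new object, which is the case a plain "set the pointer to NULL" fix misses.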
It was reported that Google experienced a record-breaking number of attacks in 2021. For this very reason, it is important to keep your Chrome browser updated at all times to lower your threat risk.
The complete critical and high vulnerabilities
Below is the complete list of critical and high threats Google discovered:
- Critical CVE-2022-0289: Use after free in Safe browsing. Reported by Sergei Glazunov of Google Project Zero on 2022-01-05
- High CVE-2022-0290: Use after free in Site isolation. Reported by Brendon Tiszka and Sergei Glazunov of Google Project Zero on 2021-10-15
- High CVE-2022-0291: Inappropriate implementation in Storage. Reported by Anonymous on 2021-12-19
- High CVE-2022-0292: Inappropriate implementation in Fenced Frames. Reported by Brendon Tiszka on 2021-11-16
- High CVE-2022-0293: Use after free in Web packaging. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-12-30
- High CVE-2022-0294: Inappropriate implementation in Push messaging. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-11-23
- High CVE-2022-0295: Use after free in Omnibox. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2021-12-09
- High CVE-2022-0296: Use after free in Printing. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2021-12-30
- High CVE-2022-0297: Use after free in Vulkan. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-11-28
- High CVE-2022-0298: Use after free in Scheduling. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-25
- High CVE-2022-0300: Use after free in Text Input Method Editor. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-12-01
- High CVE-2022-0301: Heap buffer overflow in DevTools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-12-03
- High CVE-2022-0302: Use after free in Omnibox. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2021-12-10
- High CVE-2022-0304: Use after free in Bookmarks. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-12-22
- High CVE-2022-0305: Inappropriate implementation in Service Worker API. Reported by @uwu7586 on 2021-12-23
- High CVE-2022-0306: Heap buffer overflow in PDFium. Reported by Sergei Glazunov of Google Project Zero on 2021-12-29