Google Chrome update includes 37 security fixes

Google rolled out an update for Chrome this week on Windows, Mac and Linux that included 37 security fixes, one of which was rated critical. 

Google Chrome’s Prudhvikumar Bommana thanked dozens of security researchers for helping them find bugs, many of which were given a high severity rating. 

Chrome 97.0.4692.71 includes fixes for CVE-2022-0096 — a critical use-after-free (UAF) vulnerability — as well as other UAFs like CVE-2022-0098, CVE-2022-0099, CVE-2022-0103, CVE-2022-0105 and CVE-2022-0106. There are also three heap buffer overflow issues rated high severity. 

Google did not say if exploits exist for any of the vulnerabilities but BreachQuest CTO Jake Williams said he was not aware that any of these vulnerabilities are being actively exploited in the wild. 

Most home users will receive updates automatically, Williams noted. But he explained that enterprise users who lack administrative permissions on their machines will rely on systems administrators to push an update. 

In October, Google fixed two previously unknown, high-severity zero-day flaws in a Chrome update for for Windows, Mac and Linux. Exploits for both were found in the wild, according to Google. 

Google patched at least 14 zero-days in 2021. 

Viakoo CEO Bud Broomhead said it is notable that stable channel releases are now focused on fixing cyber vulnerabilities more than delivering new functionality.  

“Stable is now becoming ‘cyber safe to use’ as opposed to ‘won’t crash your machine,’ a meaningful difference with the onslaught of cyber vulnerabilities,” Broomhead said.