Google released a Chrome update for Windows, Mac, and Linux this week that addresses 37 security issues, one rated critical and ten rated high severity. Prudhvikumar Bommana of Google Chrome commended hundreds of security researchers who collaborated with Google throughout the development cycle to ensure that no security flaws made it to the stable channel.
CVE-2022-0096, a severe use-after-free (UAF) vulnerability, as well as CVE-2022-0098, CVE-2022-0099, CVE-2022-0103, CVE-2022-0105, and CVE-2022-0106, are all fixed in Chrome 97.0.4692.71, the latest version. Google did not indicate whether any of the vulnerabilities had been exploited, and BreachQuest CTO Jake Williams said he was unaware of any of them being actively exploited in the wild.
According to Williams, most home customers will automatically get new updates. However, he emphasized that corporate customers who do not have administrative access to their devices will have to rely on systems administrators to deploy an upgrade. In October, Google addressed two previously undisclosed, high-severity zero-day bugs in Chrome for Windows, Mac, and Linux. According to Google, exploits for both had been discovered in the wild.
In 2021, Google fixed at least 14 zero-day vulnerabilities. Viakoo CEO Bud Broomhead noted that stable channel releases are now more focused on correcting cyber vulnerabilities than on introducing new functionality. “Stable is now becoming ‘cyber safe to use’ as opposed to ‘won’t crash your machine,’ a meaningful difference with the onslaught of cyber vulnerabilities,” Broomhead said.