Chrome on desktop gets emergency patch to prevent hacker attack — what to do

1. Home
2. News
3. Security

Chrome on desktop gets emergency patch to prevent hacker assault — what to do

(Image credit: tanuha2001 / Shutterstock.com)

Information technology's time to update desktop Google Chrome once over again. Google released an emergency patch on Fri (September 24) to ready a single "zero-day" flaw that's currently out in the wild.

To update to the new version, Chrome 94.0.4606.61 for Windows, Mac and Linux, information technology's often enough to simply close Chrome and then launch information technology again. Some Linux distributions need to look for the next double-decker update package, however.

• Three unpatched iOS fifteen security flaws posted online — what yous need to know
• All-time cyberspace security suites to protect all your computers and smartphones
• Plus: Don't apply these Chinese smartphones, European government warns

If turning Chrome off and turning information technology back on again doesn't work, and so utilize your mouse cursor to click the three vertical dots at the top right of the browser window. Drag your cursor down to hover over Assistance in the driblet-down menu, so click About Google Chrome in the wing-out carte du jour.

A new browser tab volition open and tell you whether your browser is upwardly-to-appointment or non. If not, it will download the update and prompt you to relaunch.

Portals to what might be a pretty serious flaw

The vulnerability being resolved here, catalogued as CVE-2021-37973, appears to involve a use-later-free memory-handling issue in Portals, one that might permit a malicious awarding or function to grab that memory infinite while it'south up for grabs.

No word on who's using it to attack whom, but it must be pretty bad if Google is updating Chrome to ready this one flaw, just three days afterwards a major update to Chrome 94.

Portals is a fairly new browser function that lets 1 web folio embed elements within another in a way that permits "seamless and instant navigations between pages," according to a GitHub folio explaining Portals.

We don't quite get information technology either, but a video on a Google-run web developers' site shows images from 1 website appearing in another site'south page, and so taking over the folio when the user clicks on the images without having to reload another site. That's nice.

That'southward all nosotros know about the flaw then far, other than Google stating that it "is aware that an exploit for CVE-2021-37973 exists in the wild."

The flaw'south discovery is credited to Clément Lecigne of Google Threat Analysis Group, who apparently got "technical aid" from Sergei Glazunov and Mark Brand of Google's Projection Zero team.

Lecigne was besides credited as ane of the co-discoverers of an iOS and macOS flaw that Apple patched Thursday (Sept. 23). There's no indication yet that the two flaws are related.

Google also maintains and updates the Chromium open-source project that is the foundation of many other browsers, including Dauntless, Microsoft Border, Opera and Vivaldi.

None of those four browsers had updated to the newest version of Chromium at the time of this writing.

Chrome timeline of updates

Past our count, this is the 12th cypher-day flaw that Google has patched in Chrome for the desktop this year. Hither'due south a timeline of the nearly recent (and non-so-recent) Chrome desktop updates.

• Sept. 24: 94.0.4606.61
• Sept. 21: 94.0.4606.54
• Sept. 13: 93.0.4577.82
• Aug. 31: 93.0.4577.63
• Aug. sixteen: 92.0.4515.159
• Aug. ii: 92.0.4515.131
• July 20: 92.0.4515.107
• July 15: 91.0.4472.164
• June 24: 91.0.4472.123/.124
• June 17: 91.0.4472.114
• June 14: 91.0.4472.106
• June ix: 91.0.4472.101
• May 25: 91.0.4472.77
• May ten: xc.0.4430.212
• April 26: 90.0.4430.93
• April twenty: 90.0.4430.85
• April 14: ninety.0.4430.72
• April xiii: 89.0.4389.128
• March 30: 89.0.4389.114
• March 12: 89.0.4389.90
• March 5: 89.0.4389.82
• March 2: 89.0.4389.72

Paul Wagenseil is a senior editor at Tom'south Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He'due south been rooting around in the information-security space for more xv years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown upwards in random TV news spots and even moderated a panel discussion at the CEDIA home-applied science briefing. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/chrome-94-0-emergency-patch

Posted by: killgoremovelledilly.blogspot.com

Share this post