The update will also hit Chrome browsers automatically when available after a restart. BleepingComputer noted it was able to access the update immediately by accessing Chrome menu > Help > About Google Chrome. The update is compatible with Windows, Mac, and Linux systems. The update version 1.121 addressing CVE-2023-2033 is currently available for Chrome users in the Stable Desktop channel and will roll out to all users over several days and weeks. “We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.” It is to Google’s credit that it consistently fixes high level attacks within days of their discovery, but the fixes only become effective once its billions of users restart their browsers.“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said. If the update is not yet available for your browser, it is important that you check regularly for the new version.Īnd remember the critical final step: after updating, you must restart your browser to be protected. If your Chrome browser version is listed as. To check if you are protected, navigate to Settings > Help > About Google Chrome. Google warns users that this “will roll out over the coming days/weeks” so it is important to note that you may not be able to protect yourself immediately. In response to these new threats, Google has released a new version of Chrome. Chrome has already suffered 15 zero-day hacks in 2021 but the last was confirmed in October. The good news? No zero-day hacks have been reported. With an overflow, critical data structures can be overwritten which makes it an ideal target for hackers. Also known as ‘Heap Smashing’, memory on the heap is dynamically allocated and typically contains program data. Heap buffer overflow flaws also remain a popular route of attack. High - CVE-2021-4067: Use after free in window manager.High - CVE-2021-4066: Integer underflow in ANGLE.High - CVE-2021-4065: Use after free in autofill.High - CVE-2021-4064: Use after free in screen capture.Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on High - CVE-2021-4063: Use after free in developer tools.Reported by Leecraso and Guang Gong of 360 Alpha Lab on High - CVE-2021-4062: Heap buffer overflow in BFCache.High - CVE-2021-4059: Insufficient data validation in loader.Reported by Abraruddin Khan and Omair on High - CVE-2021-4058: Heap buffer overflow in ANGLE.Reported by Sergei Glazunov of Google Project Zero on
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |