Google Chrome update addresses 25 security bugs
Seven of the flaws are rated as 'high'-level threats
Google on Monday released Chrome 96 - the next stable update for its Chrome web browser - bringing a slew of new changes and security fixes to the browser.
In a blog post, the Chrome team said that the new update will roll out over the coming days/weeks to all users across various platforms, including PCs and mobiles.
In the post, Google confirmed 25 new security bugs, which were discovered by internal and external researchers over the last two weeks and which have now been fixed in Chrome 96.0.4664.45.
Seven of the vulnerabilities addressed are rated as 'High' level threats.
As is standard practice, Google said it was restricting access to the bug details until a majority of users have updated to a fixed version.
The company, therefore, released only the following information about the High level threats:
- CVE-2021-38005: Use after free in loader. Reported by Sergei Glazunov of Google Project Zero
- CVE-2021-38006: Use after free in storage foundation. Reported by Sergei Glazunov of Google Project Zero
- CVE-2021-38007: Type Confusion in V8. Reported by Polaris Feng and SGFvamll at Singular Security Lab
- CVE-2021-38008: Use after free in media. Reported by Marcin Towalski of Cisco Talos
- CVE-2021-38009: Inappropriate implementation in cache. Reported by Luan Herrera
- CVE-2021-38010: Inappropriate implementation in service workers. Reported by Sergei Glazunov of Google Project Zero
- CVE-2021-38011: Use after free in storage foundation. Reported by Sergei Glazunov of Google Project Zero
In addition, Google has patched the following Medium level flaws in its Chrome browser.
- CVE-2021-38012 - Type Confusion in V8
- CVE-2021-38013 - Heap buffer overflow in fingerprint recognition
- CVE-2021-38014 - Out of bounds write in Swiftshader
- CVE-2021-38015 - Inappropriate implementation in input
- CVE-2021-38016 - Insufficient policy enforcement in background fetch
- CVE-2021-38017 - Insufficient policy enforcement in iframe sandbox
- CVE-2021-38018 - Inappropriate implementation in navigation
- CVE-2021-38019 - Insufficient policy enforcement in CORS
- CVE-2021-38020 - Insufficient policy enforcement in contacts picker
- CVE-2021-38021 - Inappropriate implementation in referrer
Security experts advise users to keep their Chrome software up to date at all times to combat emerging threats.
Users can check for updates by navigating to Help > About Google Chrome to confirm their Chrome browser version. If the version is listed as 96.0.4664.45 or above, they don't need to take any further action. If not, the 'About' screen should prompt the user to update their browser. Once the update has downloaded, the user must restart the browser for the protection to start working.
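For administrators checking many machines rather than one 'About' screen, the same comparison against 96.0.4664.45 can be scripted. The following is an added example, not part of the original article or Google's tooling; the host names and the inventory of version strings are constructed sample data, and the function names are hypothetical.

```python
import re

FIXED_BUILD = "96.0.4664.45"  # fixed version as stated in the article

def parse_version(text):
    """Extract a four-part version from text such as 'Google Chrome 96.0.4664.45'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in m.groups())

def is_patched(reported, fixed=FIXED_BUILD):
    # Integer tuples compare field by field. Comparing the raw strings would
    # wrongly rank "96.0.4664.110" below "96.0.4664.45" and "100.x" below "96.x".
    return parse_version(reported) >= parse_version(fixed)

def audit(inventory):
    """Return the sorted hosts that still need the update.

    Entries with no recognisable version are reported as well, so a host
    whose version could not be collected is never counted as patched.
    """
    needs_update = []
    for host, reported in inventory.items():
        try:
            ok = is_patched(reported)
        except ValueError:
            ok = False
        if not ok:
            needs_update.append(host)
    return sorted(needs_update)

# Constructed sample inventory (host -> version string as collected).
SAMPLE = {
    "ws-01": "Google Chrome 96.0.4664.45",
    "ws-02": "Google Chrome 95.0.4638.69",
    "ws-03": "Google Chrome 96.0.4664.110",
    "ws-04": "100.0.4896.60",
    "ws-05": "Google Chrome 96.0.4664.35",
    "ws-06": "unknown",
}

if __name__ == "__main__":
    for host in audit(SAMPLE):
        print(f"{host}: update required ({SAMPLE[host]})")
```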
More than two billion people currently use Chrome worldwide, and it is one of cybercriminals' prime targets.
After the release of Chrome 96 this week, many users who updated the browser to the latest version said they were facing problems with Twitter, Instagram, Discord and more. Users said they received the message: 'Something went wrong. Try reloading.'
Some Twitter users reported images not displaying, GIFs turning black, or videos unable to play.
The issues have been reported to Google in a Chromium bug post, where company staff said they were investigating.