Google Chrome update addresses 25 security bugs

Image:

Google Chrome update addresses 25 security bugs

Seven of the flaws are rated as 'high'-level threats

Google on Monday released Chrome 96 - the next stable update for its Chrome web browser - bringing a slew of new changes and security fixes to the browser.

In a blog post, the Chrome team said that the new update will roll out over the coming days/weeks to all users across various platforms, including PCs and mobiles.

In the post, Google confirmed 25 new security bugs, which were discovered by internal and external researchers over the last two weeks and which have now been fixed in Chrome 96.0.4664.45.

Seven of the vulnerabilities addressed are rated as 'High' level threats.

As is the standard practice, Google said it was restricting access to details, until a majority of users are updated with a fix.

The company, therefore, released only the following information about the High level threats:

CVE-2021-38005: Use after free in loader. Reported by Sergei Glazunov of Google Project Zero
CVE-2021-38006: Use after free in storage foundation. Reported by Sergei Glazunov of Google Project Zero
CVE-2021-38007: Type Confusion in V8. Reported by Polaris Feng and SGFvamll at Singular Security Lab
CVE-2021-38008: Use after free in media. Reported by Marcin Towalski of Cisco Talos
CVE-2021-38009: Inappropriate implementation in cache. Reported by Luan Herrera
CVE-2021-38010: Inappropriate implementation in service workers. Reported by Sergei Glazunov of Google Project Zero
CVE-2021-38011: Use after free in storage foundation. Reported by Sergei Glazunov of Google Project Zero

In addition, Google has also patched the following Medium level flaws in its Chrome browser.

CVE-2021-38012 - Type Confusion in V8
CVE-2021-38013 - Heap buffer overflow in fingerprint recognition
CVE-2021-38014 - Out of bounds write in Swiftshader
CVE-2021-38015 - Inappropriate implementation in input
CVE-2021-38016 - Insufficient policy enforcement in background fetch
CVE-2021-38017 - Insufficient policy enforcement in iframe sandbox
CVE-2021-38018 - Inappropriate implementation in navigation
CVE-2021-38019 - Insufficient policy enforcement in CORS
CVE-2021-38020 - Insufficient policy enforcement in contacts picker
CVE-2021-38021 - Inappropriate implementation in referrer

Security experts advise users to keep their Chrome software up-to-date at all times, to combat emerging threats.

Users can check for updates by navigating to Help > About Google Chrome to confirm their Chrome browser version. If the version is listed as 96.0.4664.45 or above, they don't need to take any further action. If not, the 'About' screen should prompt the user to update their browser. Once the update has downloaded, the user must restart the browser for the protection to start working.

More than two billion people currently use Chrome worldwide, and it is one of cybercriminals' prime targets.

After the release of Chrome 96 this week, many users who updated the browser to the latest version said they were facing problems with Twitter, Instagram, Discord and more. Users said they received the message: 'Something went wrong. Try reloading.'

Some Twitter users reported images not displaying, GIFs turning black, or videos unable to play.

The issues have been reported to Google in a Chromium bug post where the company staff said they were investigating the issue.