Google has warned its 3.2 billion Chrome users to update their browser immediately to fix 30 hacking vulnerabilities. While information about the hacker(s) is not known, Google said the latest Chrome version 101.0.4951.41 also protects third-party browsers such as Windows, Mac, and Linux among others.
Although the latest Chrome fixes have been released and the browser will automatically update in the next few days globally, security experts warn users to not wait for an automatic update; they can manually update their browser by going to Settings. Out of the 30 identified vulnerabilities, seven were rated as high risk and 14 were rated as medium risks, and the rest were not obviously classified.
The US Cybersecurity and Infrastructure Security Agency (CISA) urged internet browsers to take a cue from Google Chrome and update their software too. The agency said it “encourages users and administrators to review the Chrome release notes and apply the necessary patches” to forestall any security breach of personal data.
Internal sources revealed Google paid out in excess of $80,000 to researchers who discovered the security breaches. The company also said it may hold back hack details until most Chrome users and other related browser users have updated their software. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” the company said.
The seven high-risk vulnerabilities are as follows:
- CVE-2022-1477: Use after free in Vulkan.
- CVE-2022-1478: Use after free in SwiftShader.
- CVE-2022-1479: Use after free in ANGLE.
- CVE-2022-1480: Use after free in Device API.
- CVE-2022-1481: Use after free in Sharing.
- CVE-2022-1482: Inappropriate implementation in WebGL.
- CVE-2022-1483: Heap buffer overflow in WebGPU.
Browser users are advised to restart their computers after installing the necessary updates for them to become activated.
