Google reveals five high-risk flaws in Chrome browser
Google recently released Chrome 93. Along with its unveiling came the announcement that the latest update fixed a series of serious flaws.
According to Google’s blog post announcing Chrome 93, the latest version of the Web browser fixed 27 security flaws, and five of those flaws carried a ‘high’ risk ranking. As usual, Google kept the details minimal to avoid alerting hackers of what the flaws entailed, but the five biggest ones were use after free (UAF) vulnerabilities.
The five high-risk use after free flaws were CVE-2021-30606: use after free in Blink; CVE-2021-30607: Use after free in Permissions; CVE-2021-30608: Use after free in Web Share; CVE-2021-30609: Use after free in Sign-In; and CVE-2021-30610: Use after free in Extensions API.
UAF flaws indicate incorrect dynamic memory use during program operation. If the program fails to clear the memory pointer after it’s free, a threat actor can exploit the program. It’s unclear what cyber attacks a hacker could pull off in these cases, but the high-risk rating likely means there were potential serious consequences.
Chrome has had its share of security issues lately, including four high-risk UAF flaws in August and eight zero-day exploits in 2021 alone.
How do you know if your Chrome version is affected by these flaws? Open Chrome and head to Settings > Help > About Google Chrome. If your browser indicates you have Chrome version 93.0.4577.63 or above, you’re in good shape. If you have an older version, Chrome will immediately recommend you update and restart your browser.
Despite flaws, Chrome remains the market leader in Web browsers, with well over 2 billion users. And there’s no sign it’ll slow down anytime soon.
© Dennis Publishing