Google has released a new security update for its Chrome browser. In it, the developers have closed 11 security holes.
Google has provided an update to Chrome 99.0.4844.74 to fix several vulnerabilities. In the Chrome Release Blog, Prudhvikumar Bommana lists ten fixed vulnerabilities that have been discovered and reported by external researchers. One of the vulnerabilities is classified as critical, none are already being exploited for attacks.
Google has identified the CVE-2022-0971 vulnerability as critical. This is a use-after-free vulnerability in the Blink Layout component, i.e. in the HTML renderer. It was discovered by Sergey Glazunov from Google’s Project Zero. Another eight vulnerabilities, almost all use-after-free vulnerabilities, are classified by Google as high risk.
▶The latest security updates
Bounties totaling $39,000 have been awarded to discoverers of the gaps to date, with bounty in some cases yet to be determined. As always, Google does not provide any information about the internally discovered vulnerability. As a rule, Chrome updates itself automatically.
Other Chromium-based browsers
The manufacturers of other Chromium-based browsers are now being asked to update their programs again. The current Microsoft Edge version 99.0.1150.39 and Brave 1.36.112 contain Chromium 99.0.4844.51. Vivaldi 5.1.2567.57 still uses Chromium version 98.0.4758.121, which has the same security status. This means that these browsers were up to date by the beginning of this week. Opera is once again lagging behind by two security updates, because Opera 84.0.4316.31 is still based on Chromium 98.0.4758.109.
Chrome 99.0.4844.78 for Android is also already available. Google will release Chrome 100 on March 29th.
Chromium-based browsers at a glance: