New Chrome update closes 11 gaps

Frank Ziemann

Almost two weeks ago, Google updated its Chrome browser to version 100. After the first security update from April 4th, a second update to version 100.0.4896.88 is now available for Windows, macOS and Linux. In the Chrome Release Blog, PrudhviKumar Bommana lists the ten fixed vulnerabilities that were discovered by external researchers and reported to Google. There are no 0-day gaps underneath.

Google classifies eight of the ten externally discovered vulnerabilities as high risk. Among them are several use-after-free vulnerabilities in various browser components. Two gaps are considered medium risk. Overall, Google has awarded $13,000 in rewards so far, but reward amounts have not yet been determined for a number of gaps. As always, Google has not published any details about the internally found vulnerability. As a rule, Chrome updates itself automatically when a new version is available.

▶The latest security updates

Other Chromium-based browsers

The manufacturers of other Chromium-based browsers are again required to follow suit with appropriate updates. Brave, Microsoft (Edge) and Vivaldi are already up to date with the first security update for Chrome 100. Opera still has the transition to Chromium 100 ahead of it. Opera 85.0.4341.60 still contains Chromium 99.0.4844.84, which corresponds to the security level of the last Chrome release before 100. Opera 86 (with Chromium 100) is still in beta. That means Opera is already three security updates and 40 vulnerabilities behind schedule.

Chrome 100.0.4896.85 for iOS is also already available. Google will release Chrome 101 on April 26th.

Chromium-based browsers at a glance: