Update to Chrome 100 closes 28 gaps

Frank Ziemann

Google updated Chrome to version 100.0.4896.60. This makes Chrome the first browser to have a three-digit major version number. Edge will follow suit in the next few days, Firefox is scheduled to follow on May 3rd. Web developers who query the browser version number in scripts should check their code to ensure that it can handle it correctly.

In the Chrome Release Blog, Srinivas Sista lists the 20 vulnerabilities that external researchers have discovered and reported to Google. Among them are nine vulnerabilities classified as high risk. Another ten gaps are considered medium risk. Among the latter, CVE-2022-1135 is the vulnerability whose discoverer receives the highest reward. Wei Yuan gets $16,000 for the use-after-free loophole in the Shopping Cart component.

▶The latest security updates

Overall, Google has awarded $51,000 in rewards so far, but reward amounts have not yet been determined for a number of gaps. As always, Google has not published any details about the internally found vulnerabilities. As a rule, Chrome updates itself automatically when a new version is available.

Other Chromium-based browsers

The manufacturers of other Chromium-based browsers now have to follow suit and update their programs as well. After the emergency update for Chrome 99 on March 25, Microsoft (Edge), Brave and Vivaldi reacted quickly and also provided updates the following day. Opera 85.0.4341.28, on the other hand, was only released on March 29, a few hours before Chrome 100. So, before this Chrome update, all four browsers were at the current security level.

Chrome 100.0.4896.58 for Android and Chrome 100.0.4896.56 for iOS are also already available. Google will release Chrome 101 on April 26th.

Chromium-based browsers at a glance: