Chrome on desktop gets emergency patch to prevent hacker attack — what to do

1. Dwelling
2. News
3. Security

Chrome on desktop gets emergency patch to prevent hacker assail — what to do

(Paradigm credit: tanuha2001 / Shutterstock.com)

It'due south time to update desktop Google Chrome once over again. Google released an emergency patch on Friday (September 24) to prepare a single "zero-twenty-four hour period" flaw that's currently out in the wild.

To update to the new version, Chrome 94.0.4606.61 for Windows, Mac and Linux, it'south often enough to only close Chrome and and so launch it again. Some Linux distributions need to await for the next motorcoach update bundle, notwithstanding.

• 3 unpatched iOS 15 security flaws posted online — what yous need to know
• Best net security suites to protect all your computers and smartphones
• Plus: Don't use these Chinese smartphones, European government warns

If turning Chrome off and turning it back on again doesn't work, then employ your mouse cursor to click the iii vertical dots at the top right of the browser window. Elevate your cursor downwardly to hover over Aid in the drop-downwards menu, and then click About Google Chrome in the fly-out menu.

A new browser tab will open up and tell you whether your browser is up-to-date or not. If not, it will download the update and prompt you to relaunch.

Portals to what might exist a pretty serious flaw

The vulnerability beingness resolved here, catalogued equally CVE-2021-37973, appears to involve a use-later on-free memory-handling issue in Portals, 1 that might permit a malicious application or function to grab that retention infinite while it'due south up for grabs.

No discussion on who's using it to attack whom, but it must be pretty bad if Google is updating Chrome to ready this one flaw, simply iii days later on a major update to Chrome 94.

Portals is a fairly new browser function that lets 1 web page embed elements inside some other in a fashion that permits "seamless and instant navigations between pages," co-ordinate to a GitHub page explaining Portals.

We don't quite become information technology either, simply a video on a Google-run spider web developers' site shows images from one website actualization in another site'south page, and then taking over the page when the user clicks on the images without having to reload another site. That's nice.

That'southward all nosotros know about the flaw so far, other than Google stating that it "is aware that an exploit for CVE-2021-37973 exists in the wild."

The flaw's discovery is credited to Clément Lecigne of Google Threat Analysis Group, who apparently got "technical assistance" from Sergei Glazunov and Mark Make of Google's Project Zero team.

Lecigne was also credited as one of the co-discoverers of an iOS and macOS flaw that Apple tree patched Thursday (Sept. 23). There's no indication all the same that the two flaws are related.

Google as well maintains and updates the Chromium open up-source project that is the foundation of many other browsers, including Dauntless, Microsoft Edge, Opera and Vivaldi.

None of those four browsers had updated to the newest version of Chromium at the time of this writing.

Chrome timeline of updates

Past our count, this is the 12th zero-twenty-four hours flaw that Google has patched in Chrome for the desktop this year. Here's a timeline of the most recent (and not-so-recent) Chrome desktop updates.

• Sept. 24: 94.0.4606.61
• Sept. 21: 94.0.4606.54
• Sept. 13: 93.0.4577.82
• Aug. 31: 93.0.4577.63
• Aug. 16: 92.0.4515.159
• Aug. ii: 92.0.4515.131
• July 20: 92.0.4515.107
• July fifteen: 91.0.4472.164
• June 24: 91.0.4472.123/.124
• June 17: 91.0.4472.114
• June 14: 91.0.4472.106
• June nine: 91.0.4472.101
• May 25: 91.0.4472.77
• May ten: 90.0.4430.212
• Apr 26: xc.0.4430.93
• April xx: 90.0.4430.85
• Apr 14: xc.0.4430.72
• April thirteen: 89.0.4389.128
• March 30: 89.0.4389.114
• March 12: 89.0.4389.90
• March 5: 89.0.4389.82
• March ii: 89.0.4389.72

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul commuter, code monkey and video editor. He's been rooting effectually in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown upwards in random Tv news spots and fifty-fifty moderated a panel discussion at the CEDIA abode-technology briefing. You lot can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/chrome-94-0-emergency-patch

Posted by: sevignymues1965.blogspot.com

Share this post