Update Google Chrome How to fix these 3 urgent security flaws

Update Google Chrome How to fix these 3 urgent security flaws

Google has once again updated the desktop version of its Chrome browser for Windows, Mac, and Linux, raising the version number to 900443093 and fixing nine security flaws

Unlike other Chrome security updates in the past two months, this time there are no patches for "zero-day" flaws that have been actively attacked by hackers However, it is best to update your Chrome browser now, as the bad guys can often figure out what the vulnerabilities are by analyzing code changes

On either Mac or Windows, simply click on the three vertical dots in the upper right corner of the browser window, scroll down to highlight "Help," and click "About Google Chrome" from the menu that appears

A new tab will open, indicating that your Chrome build is up to date or a newer version will be downloaded

Linux users generally need to wait until their chosen distribution pushes the Chrome update along with other normal software updates

Since Chrome shares infrastructure with Brave, Microsoft Edge, Opera, Vivaldi, and others, these browsers will eventually need to be updated as well

In Brave and Edge, click the settings icon in the upper right corner and scroll down to find "About"; in Opera and Vivaldi, click the browser logo in the upper left corner

However, as of this writing Wednesday afternoon (April 28), only Brave has been updated to version 900443093, the same as Chrome

Opera was still based on Chromium 900443085, and Vivaldi was based on Chromium 8904389128 Edge uses a slightly different version number, but if you type "edge:// version", which indicates that the current version is based on Chromium 900443085

One of the most serious flaws fixed in the new version of Chrome is a problem with the V8 JavaScript engine

Like these flaws, this new flaw is harmless unless the browser's "sandbox" is turned off, in which case it could be used to hijack a computer's operating system

Singular Security Lab researcher Gengming Liu disclosed the flaw to Google on April 15 and plans to collect a $15,000 "bug bounty" for his discovery

Most Chromium-based browsers have sandboxing turned on by default However, desktop applications that use Chromium, such as Slack, Discord, Spotify, Bitwarden, WhatsApp, Twitch, Microsoft Teams, and Skype, may have the sandbox turned off Therefore, be careful updating these applications

Two other highly critical flaws discovered by outside researchers (Google is awaiting disclosure of flaws discovered internally) are the use-after-free memory vulnerability in Dev Tools discovered by Microsoft researchers and the ANGLE graphics engine heap buffer overflow (also a memory issue) Details of these flaws have not yet been made public

By our count, this is the eighth Chrome for desktop security update in the past two months and the fourth in the past two weeks; the Chrome/Chromium developers have certainly been busy Their efforts have made the browser very secure to use

Here is a list of the latest updates to Chrome/Chromium

Categories