Google has once again updated the desktop version of its Chrome browser for Windows, Mac, and Linux, raising the version number to 900443093 and fixing nine security flaws
Unlike other Chrome security updates in the past two months, this time there are no patches for "zero-day" flaws that have been actively attacked by hackers However, it is best to update your Chrome browser now, as the bad guys can often figure out what the vulnerabilities are by analyzing code changes
On either Mac or Windows, simply click on the three vertical dots in the upper right corner of the browser window, scroll down to highlight "Help," and click "About Google Chrome" from the menu that appears
A new tab will open, indicating that your Chrome build is up to date or a newer version will be downloaded
Linux users generally need to wait until their chosen distribution pushes the Chrome update along with other normal software updates
Since Chrome shares infrastructure with Brave, Microsoft Edge, Opera, Vivaldi, and others, these browsers will eventually need to be updated as well
In Brave and Edge, click the settings icon in the upper right corner and scroll down to find "About"; in Opera and Vivaldi, click the browser logo in the upper left corner
However, as of this writing Wednesday afternoon (April 28), only Brave has been updated to version 900443093, the same as Chrome
Opera was still based on Chromium 900443085, and Vivaldi was based on Chromium 8904389128 Edge uses a slightly different version number, but if you type "edge:// version", which indicates that the current version is based on Chromium 900443085
One of the most serious flaws fixed in the new version of Chrome is a problem with the V8 JavaScript engine
Like these flaws, this new flaw is harmless unless the browser's "sandbox" is turned off, in which case it could be used to hijack a computer's operating system
Singular Security Lab researcher Gengming Liu disclosed the flaw to Google on April 15 and plans to collect a $15,000 "bug bounty" for his discovery
Most Chromium-based browsers have sandboxing turned on by default However, desktop applications that use Chromium, such as Slack, Discord, Spotify, Bitwarden, WhatsApp, Twitch, Microsoft Teams, and Skype, may have the sandbox turned off Therefore, be careful updating these applications
Two other highly critical flaws discovered by outside researchers (Google is awaiting disclosure of flaws discovered internally) are the use-after-free memory vulnerability in Dev Tools discovered by Microsoft researchers and the ANGLE graphics engine heap buffer overflow (also a memory issue) Details of these flaws have not yet been made public
By our count, this is the eighth Chrome for desktop security update in the past two months and the fourth in the past two weeks; the Chrome/Chromium developers have certainly been busy Their efforts have made the browser very secure to use
Here is a list of the latest updates to Chrome/Chromium
Comments