Google this week is rolling out a new version of the world’s most popular web browser, Chrome 97, for all supported platforms. The desktop release patches a number of security flaws, including some deemed very serious.
Chrome 97 is rolling out not just on desktop platforms (Windows, Mac, Linux) but also for mobile platforms (iOS, Android). While the mobile releases merely bring “stability and performance improvements” according to the changelogs, the desktop rollout carries a bit more fanfare – at least from a security perspective.
Packing 37 security fixes, Chrome 97 addresses numerous vulnerabilities deemed either critical or high-severity in nature. For example, the update patches several use-after-free flaws in areas like storage, screen capture, sign-in, SwiftShader and PDF.
Use-after-free errors arise due to incorrect use of dynamic memory during program operation and can lead to anything from corruption of valid data to the execution of arbitrary code (including malicious code), depending on certain variables.
One of them – CVE-2022-0096: Use after free in Storage– is labeled ‘critical,’ yet Google refrains from detailing the flaw to ensure most users are up to date before the technicalities are out. The Internet giant has yet to calculate the appropriate bug bounty for its discoverer, Yangkang (@dnpushme) of 360 ATA.
The next-in-rank bug – CVE-2022-0097: Inappropriate implementation in DevTools – labeled as ‘high’ severity, has nabbed researcher David Erceg a cool $10,000, meaning Yangkang’s ‘critical’ finding should fetch an even prettier penny.
While many of the security bugs squashed in Chrome 97 are deemed ‘medium’ and ‘low’ severity flaws, at least a quarter of them are still considered serious vulnerabilities if exploited for malicious gain by bad actors. Which means users should waste no time updating.
To do so, go to Chrome’s Settings panel, select About Chrome and let the browser fetch its latest iteration for you. When prompted, relaunch Chrome to apply the update. Remember to save your work beforehand.