Google Patches Dozens Of Vulnerabilities In Chrome, Update ASAP
upstart writes:
Google Warns Billions That Chrome Has Been Hacked, Patch This Version ASAP:
[...] The Stable Channel for the desktop edition of Chrome had an update on April 26, 2022. That update includes 30 security fixes, some of them so bad that Google is urging all users to update immediately.
The release notes for Google's Chrome v101.0.4951.41 for Windows, Mac, and Linux has a long list of bug fixes; you can view it here. However, there's also a key statement in that page.
"Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed."
Effectively the the non-developer translation of the quote above is that these are serious enough to keep the details hidden from the public to avoid bad actors pouncing on them with exploits. We can tell you a good portion of the bugs that have been published lately have to do with memory manipulation and memory overflow errors, a pretty popular way for malware developers to inject code into memory and allow for arbitrary execution, which is bad. [...]
[Editor's note (hubie): On 5/22 the original article author stepped back from their initial headline and stance. The SN headline here has been changed to reflect the current article headline and relevant text updated. I moved the original text below for posterity.]
Read more of this story at SoylentNews.