Google is Rolling Out Chrome 102 with 32 Security Fixes, One Critical
This week Google began a rolling release for stable Chrome version 102 "with 32 security fixes for browser on Windows, Mac and Linux," reports ZDNet:

Chrome 102 for the desktop includes 32 security fixes reported to Google by external researchers. There's one critical flaw, while eight are high severity, nine are medium severity, and seven are low severity. Google also creates other fixes for issues found through internal testing...

The critical flaw, labelled as CVE-2022-1853, is a 'use after free in IndexedDB', an interface for applications to store data in a user's browser.... "My guess is that an attacker could construct a specially crafted website and take over the visitor's browser by manipulating the IndexedDB," says Pieter Arntz, a malware intelligence researcher at Malwarebytes.

None of the flaws fixed in this Chrome 102 stable release were zero days, meaning flaws that were exploited before Google released a patch for it. Google's Project Zero (GPZ) team last year counted 58 zero-day exploits for popular software in 2021. Twenty-five of these were in browsers, of which 14 affected Chrome.

Google engineers argue zero-day counts are rising because vendors are improving detection, fixes and disclosure. However, GPZ researchers argue the industry as a whole is not making zero days hard enough for attackers, who often rely on tweaking existing flaws rather than being forced to conjure up entirely new exploitation methods.

Linux/Mac/Windows users of Chrome can check Help/About to see if the update has already rolled out to their system - or if they need to update manually.