Do you wonder which program is so insecure that it has been hacked 45 times in the last 3 weeks? Think Chrome.
Google recently announced that 20 new vulnerabilities have been found, which brings the total to 45 in the last three weeks. Fifteen of these are high-level threats, and users of Linux, macOS and Windows are all susceptible. In other words, Chrome has the dubious distinction of 3 weeks = 45 hacks.
Earlier this year, Chrome had reported 15 zero-day hacks, but, thankfully, none of these new ones are rated that high.
Use-After-Free (UAF) attacks comprise the majority of attacks against Chrome. A UAF vulnerability arises when a program fails to clear the pointer to memory after that memory is freed, leaving a stale pointer that an attacker can exploit.
Another common form of attack exploits Heap Buffer Overflow flaws. This is also known as Heap Smashing: “memory on the heap is dynamically allocated and typically contains program data. With an overflow, critical data structures can be overwritten which makes it an ideal target for hackers” (Forbes, Gordon Kelly, December 8, 2021).
Google has released a new version of Chrome which will roll out over the next few days or weeks. While you wait for the fix, your data is not protected.
If you are protected, your version of Chrome will be 96.0.4664.93 or higher. If you do not have this version, you need to keep checking for an update.
Once the fix is released for your browser, you must download it immediately. The final step, then, is to restart your browser. If you do not remember to do a restart, you will not be protected from future hacks.
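The version check and the restart step above can be automated across several machines. The following is an added example, not part of the original article: the host names, the sample version strings other than 96.0.4664.93, and the split between installed and running version are constructed assumptions.

```python
import re

# Fixed version stated in the article.
FIXED = (96, 0, 4664, 93)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from text such as
    'Google Chrome 96.0.4664.45' and return it as a tuple of ints."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_patched(text, fixed=FIXED):
    # Tuples compare numerically, field by field. Comparing the raw strings
    # would rank '96.0.4664.110' below '96.0.4664.93' and '100.x' below '96.x'.
    return parse_version(text) >= fixed


def classify(installed, running):
    """Return the action a host needs, given the version on disk and the
    version of the browser process that is actually running."""
    if not is_patched(installed):
        return "update needed"
    if not is_patched(running):
        return "restart needed"  # update downloaded, old process still live
    return "protected"


# Constructed sample inventory: (host, installed version, running version).
INVENTORY = [
    ("ws-01", "Google Chrome 96.0.4664.45", "Google Chrome 96.0.4664.45"),
    ("ws-02", "Google Chrome 96.0.4664.93", "Google Chrome 96.0.4664.45"),
    ("ws-03", "Google Chrome 96.0.4664.110", "Google Chrome 96.0.4664.110"),
    ("ws-04", "Google Chrome 100.0.4896.60", "Google Chrome 100.0.4896.60"),
]


def report(inventory=INVENTORY):
    return {host: classify(inst, run) for host, inst, run in inventory}


if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```

A host counts as protected only when the running browser process, not just the installed files, reports the fixed version or higher.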
As usual, Google is restricting the information about these threats. The restriction is meant to give Chrome users enough time to upgrade before the vulnerabilities are too well known. If you want to know a little more about these threats, visit https://tinyurl.com/y5spwktf.