Update patches 79 security vulnerabilities in Google Chrome
The weekly Chrome update closes a total of 79 security vulnerabilities. 14 of these are considered critical.
Google released the weekly browser update for Chrome on Wednesday. The developers are now also providing information on the security vulnerabilities closed with it: 79 in total, 14 of which represent a critical risk.
In the release announcement, Google briefly mentions, as always, in which component the vulnerabilities are found and their severity. Further details are not provided, but the vulnerabilities can usually be exploited by displaying manipulated websites. Critical and high-risk vulnerabilities typically allow the execution of malicious code, breaking out of the sandbox, or intercepting sensitive and otherwise exploitable information.
Eight of the critical flaws alone are based on “use-after-free”, meaning access to resources after they have already been released, which leaves their content undefined and often allows code injection. In addition, there are two integer overflows, a heap-based buffer overflow, insufficient validation of untrusted user input, a problem with an object lifecycle, and a race condition in the Payments component. This component is used for auto-filling and integrates Google Pay and the credit card information stored within it.
Google's developers classify another 37 vulnerabilities as “high” risk, and 28 as “medium”. However, Google does not mention that any of them are being exploited in the wild. Nevertheless, users of Chrome and browsers based on the Chromium project should quickly check if the updates have been applied.
Updated Versions
Google states that Chrome 148.0.7778.167 for Android, 148.0.7778.166 for iOS, 148.0.7778.167 for Linux, and 148.0.7778.167/168 for macOS and Windows fix the numerous security-relevant errors. The update can be found in the version dialog, which opens by clicking the browser menu and then navigating through “Help” to “About <Browser Name>”. On Linux, the distribution's own software manager is usually used. On mobile devices, updates are found in the respective app store – often with a significant delay.
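For checking more than one machine, reported version strings can be compared against the fixed builds named above. The following Python sketch is an added example, not code from Google or heise; the inventory format, host names and sample versions are constructed, and it assumes that any build at or above the listed one for a platform contains the fixes.

```python
import re

# Fixed builds per platform, as stated in the article.
FIXED = {
    "android": "148.0.7778.167",
    "ios": "148.0.7778.166",
    "linux": "148.0.7778.167",
    "macos": "148.0.7778.167",
    "windows": "148.0.7778.167",
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_patched(platform, version_text):
    """True if the version is at or above the fixed build for the platform."""
    found = parse_version(version_text)
    if found is None or platform.lower() not in FIXED:
        raise ValueError("no comparable version for %r / %r" % (platform, version_text))
    # Compare numerically: as strings, "148.0.7778.99" sorts after "148.0.7778.167".
    return found >= parse_version(FIXED[platform.lower()])

def audit(inventory):
    """Map host -> 'ok' | 'outdated' | 'unknown' for 'host,platform,version' lines."""
    result = {}
    for line in inventory.strip().splitlines():
        host, platform, version_text = (f.strip() for f in line.split(",", 2))
        try:
            result[host] = "ok" if is_patched(platform, version_text) else "outdated"
        except ValueError:
            result[host] = "unknown"  # no version reported or unlisted platform
    return result

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = """
ws-01,windows,Google Chrome 148.0.7778.168
ws-02,windows,Google Chrome 148.0.7778.99
lx-01,linux,Google Chrome 148.0.7778.167
mac-01,macos,147.0.7700.200
ph-01,ios,148.0.7778.166
kiosk-01,linux,not installed
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(host, status)
```

Hosts reported as "unknown" need a manual look, since a missing version string says nothing about the patch state.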
Chromium-based browsers like Microsoft Edge are also expected to deliver security updates shortly. However, particularly for Edge, there is no corresponding notice on Microsoft's list of security updates at the time of reporting.
Last week, Google's programmers addressed even more security vulnerabilities, a total of 127. However, only three were classified as critical risk.
(dmk)