Apple’s stable channel update for desktop, which takes Google Chrome to version 101.0.4951.41 for Windows, Mac, and Linux users, provides fixes for 30 security vulnerabilities.
As reported by Forbes’ Davey Winder, none of these are zero-days where attackers are known to already be exploiting the vulnerabilities. However, Chrome users are encouraged to immediately update their browsers to protect against possible future browser-based attacks.
Of the 30 vulnerabilities, seven are rated high risk while 14 get a medium Common Vulnerabilities and Exposures (CVE) rating. In all, more than $80,000 has been confirmed by way of Google bounty payments to the researchers who found these security problems.
While not all of the details of the update have been released, it does include fixes for the following 25 issues:
High-rated vulnerabilities:
- CVE-2022-1477: Use after free in Vulkan.
- CVE-2022-1478: Use after free in SwiftShader.
- CVE-2022-1479: Use after free in ANGLE.
- CVE-2022-1480: Use after free in Device API.
- CVE-2022-1481: Use after free in Sharing.
- CVE-2022-1482: Inappropriate implementation in WebGL.
- CVE-2022-1483: Heap buffer overflow in WebGPU.
Medium-rated vulnerabilities:
- CVE-2022-1484: Heap buffer overflow in Web UI Settings.
- CVE-2022-1485: Use after free in File System API.
- CVE-2022-1486: Type Confusion in V8.
- CVE-2022-1487: Use after free in Ozone.
- CVE-2022-1488: Inappropriate implementation in Extensions API.
- CVE-2022-1489: Out of bounds memory access in UI Shelf.
- CVE-2022-1490: Use after free in Browser Switcher.
- CVE-2022-1491: Use after free in Bookmarks.
- CVE-2022-1492: Insufficient data validation in Blink Editing.
- CVE-2022-1493: Use after free in Dev Tools.
- CVE-2022-1494: Insufficient data validation in Trusted Types.
- CVE-2022-1495: Incorrect security UI in Downloads.
- CVE-2022-1496: Use after free in File Manager.
- CVE-2022-1497: Inappropriate implementation in Input.
Low-rated vulnerabilities:
- CVE-2022-1498: Inappropriate implementation in HTML Parser.
- CVE-2022-1499: Inappropriate implementation in WebAuthentication.
- CVE-2022-1500: Insufficient data validation in Dev Tools.
- CVE-2022-1501: Inappropriate implementation in iframe.
Windows, Mac, and Linux users can update their Chrome browser by going to the “Help” -> “About” option in the Google Chrome menu. The “About” page will load and, if the update is available, it will automatically start downloading. Restart the browser once the update has been downloaded. Once the browser restarts, it should be updated to version 101.0.4951.41.
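For administrators who need to confirm the update across many machines rather than one browser at a time, the following is an added example (not part of the original article) that checks collected version strings against 101.0.4951.41. The host names, the tab-separated inventory format and the sample versions are constructed for illustration; the comparison is numeric per component, because a plain string comparison would wrongly rank 99.x or 101.0.4951.9 above the fixed build.

```python
import re

# Fixed version named in the article.
FIXED = (101, 0, 4951, 41)

# Matches a four-part Chrome version number anywhere in a string,
# e.g. in the output of `google-chrome --version`.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a tuple of ints, or None if none is found."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def audit(inventory_lines, fixed=FIXED):
    """Classify 'host<TAB>version string' lines as patched, outdated or unknown."""
    report = {"patched": [], "outdated": [], "unknown": []}
    for line in inventory_lines:
        host, _, raw = line.partition("\t")
        version = parse_version(raw)
        if version is None:
            # No version could be read: treat as needing manual follow-up.
            report["unknown"].append(host)
        elif version >= fixed:
            report["patched"].append(host)
        else:
            report["outdated"].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    "ws-01\tGoogle Chrome 101.0.4951.41",
    "ws-02\tGoogle Chrome 100.0.4896.127",
    "ws-03\tGoogle Chrome 99.0.4844.84",
    "ws-04\tGoogle Chrome 101.0.4951.9",
    "ws-05\tcommand not found",
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be checked by hand, since a missing version string does not mean the browser is absent.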