A security update for Google Chrome 96 is out

Google today released an update for Google Chrome 96, the company’s web browser, for all supported desktop operating systems and for the company’s Android platform.

The new version of Google Chrome is a security update that fixes 20 different security issues, many of which rated high, the second highest rating after critical.

Chrome is automatically deployed on all supported platforms by default. Desktop users can speed up the discovery of the new update by selecting Menu> Help> About Google Chrome, or by loading chrome: // settings / help directly. The page that opens lists the version of the browser that is currently installed, and will run a search for updates to download and install the latest version of the browser.

Android users can also open the page, but downloading updates works with Google Play, which means that updates cannot be sped up this way.

Read This Now: moto g200 5G and four other models

The Chrome releases blog lists all security issues reported by outside researchers. Most were reported to Google in November, some in October, and one in August 2021.

[$15000][1267661] High CVE-2021-4052: Use it after free in web applications. Reported by Wei Yuan of MoyunSec VLab on 2021-11-07
[$10000][1267791] High CVE-2021-4053: Use after free in UI. Reported by Rox on 2021-11-08
[$5000][1239760] High CVE-2021-4054: Bad security UI on autocomplete. Reported by Alesandro Ortiz on 2021-08-13
[$1000][1266510] High CVE-2021-4055: Stack buffer overflow in extensions. Reported by Chen Rong on 2021-11-03
[$TBD][1260939] High CVE-2021-4056: Type confusion in the charger. Reported by @__ R0ng of 360 Alpha Lab on 2021-10-18

[$TBD][1262183] High CVE-2021-4057: Use after free API on file. Reported by Sergei Glazunov of Google Project Zero on 2021-10-21
[$TBD][1267496] High CVE-2021-4058: heap buffer overflow in ANGLE. Reported by Abraruddin Khan and Omair on 2021-11-06
[$TBD][1270990] High CVE-2021-4059: Insufficient data validation in the loader. Reported by Luan Herrera (@lbherrera_) on 2021-11-17
[$TBD][1271456] High CVE-2021-4061: V8 rate confusion. Reported by Paolo Severini on 2021-11-18
[$TBD][1272403] High CVE-2021-4062: Stack buffer overflow in BFCache. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-11-22
[$TBD][1273176] High CVE-2021-4063: Use it after free in developer tools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-11-23
[$TBD][1273197] High CVE-2021-4064: Use it after free in screenshot. Reported by @ginggilBesel on 2021-11-23
[$TBD][1273674] High CVE-2021-4065: Use after free autofill. Reported by 5n1p3r0010 on 2021-11-25
[$TBD][1274499] High CVE-2021-4066: Angle integer underflow. Reported by Jaehun Jeong (@ n3sk) of Theori on 2021-11-29
[$TBD][1274641] High CVE-2021-4067: Use it after free in window manager. Reported by @ginggilBesel on 2021-11-29
[$500][1265197] Under CVE-2021-4068: Insufficient validation of untrusted entry on new tab page. Reported by NDevTK on 2021-10-31

No critical rating has been assigned, but most issues are rated high. The problems don’t seem to explode in the wild, as Google generally mentions in the launch announcement.

Read This Now: Cheap energy storage within the range of an "ice electrode" of soot and manganese dioxide

The Android version includes stability and performance updates according to Google. It is not clear if the security issues were also fixed in the Android version; none are mentioned in the blog post posting.

Most Chromium-based browsers are also affected by at least some of these vulnerabilities. Expect other browsers, such as Microsoft Edge or Brave, to release security updates soon that also address the issues.

Now you: When do you update your browsers?

advertising