Windows, Linux, and Mac users of the Google Chrome browser can breathe easy for now. This latest security warning is, for a change, only for smartphone users. In a Chrome update confirmation released on May 9, Google revealed no less than 13 security patches. Of these, eight were assigned Common Vulnerabilities and Exposures (CVE) high severity ratings, with one receiving a medium score. The others, four in all, are wrapped in a “miscellaneous patch” from ongoing internal security work and have not been assigned CVE numbers.
$11,000 awarded to security researchers in bug bounty payments
Of those that received assessments, three high-severity Chrome for Android security vulnerabilities saw bug bounty payments totaling $11,000 made to the security researchers who disclosed them. The solitary medium-severity vulnerability earned a bounty payout of $5,000. Four of the others are in line for monetary payment, but the amounts have yet to be confirmed by Google.
Update to Google Chrome v101.0.4951.61 as soon as you can
As usual, the advice from Forbes Straight Talking Cyber is to make sure your smartphone is updated as soon as possible so that vulnerability fixes can be applied. Google said the fix is rolling out and should be available on Google Play “over the next few days.” The updated version, according to Google’s announcement, is Chrome v101.0.4951.61 for Android. As of this writing, my Samsung Galaxy Note 10+ is still on the April 26th update of v101.0.4951.41 and therefore has not been patched yet.
How to check your Google Chrome for Android version number
The best advice is to let Google update your app as soon as the update is available. To set this up, open the three-dot menu in the Google Play app and head to Settings | Network Preferences | Auto-update apps.
To check your Chrome for Android version number, go to the three-dot menu in the Chrome app itself and select Help & Feedback. On that screen, open the three-dot menu and select Version Info.
To check Google Play for the latest version, open the app and tap your profile icon in the top right. From there, go to Manage apps and devices | Updates available.
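Where several handsets need checking, the same version check can be scripted over adb instead of tapped through menus. This is an added example, not part of the original article: it assumes USB debugging with `adb` is available and that Chrome is installed under the package name `com.android.chrome`, and the sample dumpsys text is constructed.

```shell
#!/bin/sh
# Added example: flag Chrome for Android builds older than the patched release.
# Real use (assumes adb and USB debugging):
#   adb shell dumpsys package com.android.chrome | chrome_status
PATCHED="101.0.4951.61"   # fixed version named in the article

# Extract the first versionName from `dumpsys package` output on stdin.
chrome_version() {
    sed -n 's/^[[:space:]]*versionName=\([0-9][0-9.]*\).*$/\1/p' | head -n 1
}

# Return 0 if dotted version $1 is numerically lower than $2.
# Components are compared as integers, so 4951.61 < 4951.100
# (a plain string comparison would get that case wrong).
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1   # versions are equal
}

# Print VULNERABLE, PATCHED or UNKNOWN for dumpsys output on stdin.
chrome_status() {
    v=$(chrome_version)
    if [ -z "$v" ]; then
        echo "UNKNOWN"
    elif version_lt "$v" "$PATCHED"; then
        echo "VULNERABLE $v"
    else
        echo "PATCHED $v"
    fi
}

# Constructed sample of dumpsys output for a device still on the April build.
SAMPLE='Packages:
  Package [com.android.chrome] (constructed):
    versionName=101.0.4951.41
'
printf '%s' "$SAMPLE" | chrome_status
```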
These are Chrome’s security vulnerabilities that have been patched
The nine security vulnerabilities covered by this Chrome update are as follows. Remember that Google restricts access to all details until a majority of users have had a chance to update their browser app.
High severity:
- CVE-2022-1633: Use after free in Sharesheet.
- CVE-2022-1634: Use after free in browser UI.
- CVE-2022-1635: Use after free in permission prompts.
- CVE-2022-1636: Use after free in performance APIs.
- CVE-2022-1637: Inappropriate implementation in web content.
- CVE-2022-1638: Heap buffer overflow in V8 Internationalization.
- CVE-2022-1639: Use after free in ANGLE.
- CVE-2022-1640: Use after free in sharing.
Medium severity:
- CVE-2022-1641: Use after free in web UI diagnostics.