For the approximately 3.2 billion users of the Google Chrome web browser, the good news is that, to the best of our knowledge, no new zero-day attacks are under way against them. But according to Google’s latest check, a total of 32 new security vulnerabilities have been identified affecting Chromium-based browsers. One of these carries a severe impact rating, eight are rated high and nine moderate.
This is a large and very important security update for all Chrome users on Windows, Mac and Linux platforms. Updates to the Android Chrome app are also being rolled out, but they don’t seem to be security related, as Google only pointed out “stability and performance” issues in the release announcement.
What are the most important Google Chrome vulnerabilities to be disclosed?
So, what do we know about the May 24th Google Chrome update, which will bring the browser to version 102.0.5005.61 for Mac and Linux users and version 102.0.5005.61, 62 or 63 for Windows users? After verifying that my copy is updated on Windows 11 (see below for details), it says version 102.0.5005.63, but your mileage may vary.
Anyway, here’s what we know so far of the most important vulnerabilities fixed by this security update:
- CVE-2022-1853 is a use-after-free vulnerability affecting IndexedDB, the feature for quickly accessing structured data.
- CVE-2022-1854 is a high-rated use-after-free vulnerability in the ANGLE graphics engine abstraction layer.
- CVE-2022-1855 is a high-rated use-after-free vulnerability in Messaging.
- CVE-2022-1856 is a high-rated use-after-free vulnerability in user education features.
- CVE-2022-1857 is a high-rated vulnerability related to insufficient policy enforcement in the File System API.
- CVE-2022-1858 is a high-rated out-of-bounds vulnerability affecting DevTools.
- CVE-2022-1859 is another use-after-free vulnerability, this time within Performance Manager.
- CVE-2022-1860 is another high-rated use-after-free vulnerability, this time within the UI base.
- CVE-2022-1861 rounds out the high-rated use-after-free vulnerabilities, this one affecting sharing.
The remaining vulnerabilities, which do not have a Common Vulnerabilities and Exposures (CVE) number assigned, may not be significant in terms of impact, but they help complete another major security update from Google.
Why and how to update now
As always, we recommend that you force a Chrome security update as soon as possible. As Google always says, the updates will be rolling out over the next few days and weeks, but given the nature of the security vulnerabilities they cover, we don’t recommend waiting. Just go to the Help|About option in the Google Chrome menu; this will cause Chrome to check for and download updates. The important thing, however, is to restart your browser afterwards to make sure the update has been applied and protects you from potential harm.
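For anyone checking more than one machine, the same version check can be scripted. The following is an added example, not code from Google or from this article: it compares collected version strings against the fixed build 102.0.5005.61 named above. It assumes lines in the form printed by `google-chrome --version` on Linux; the host names and sample lines are constructed.

```python
import re

# Lowest fixed build named in the article.
PATCHED = (102, 0, 5005, 61)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_line, patched=PATCHED):
    """Classify one line of version output as 'patched', 'outdated' or 'unknown'."""
    # Only Chrome and Chromium share this build numbering; other Chromium-based
    # browsers use their own version scheme, so they are reported as unknown.
    if not re.match(r"\s*(Google Chrome|Chromium)\b", version_line):
        return "unknown"
    version = parse_version(version_line)
    if version is None:
        return "unknown"
    # Tuples compare numerically per component, so 102.0.5005.9 < 102.0.5005.61
    # (a plain string comparison would get this wrong).
    return "patched" if version >= patched else "outdated"


def audit(inventory):
    """Map host -> status for a dict of host -> version output line."""
    return {host: classify(line) for host, line in inventory.items()}


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = {
    "win11-laptop": "Google Chrome 102.0.5005.63",
    "linux-build": "Google Chrome 102.0.5005.61 ",
    "mac-design": "Google Chrome 101.0.4951.64",
    "kiosk": "Chromium 102.0.5005.9 snap",
    "legacy": "Mozilla Firefox 100.0",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

A "patched" result describes the installed binary only; the browser still has to be restarted before the running process uses the fixed build.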