Google Issues Warning To Millions Of Chrome Users

Chrome users, you need to be alert. Google has issued a new warning to its circa three billion Chrome users around the world confirming new ‘High’ level attacks on its browser. This is what you need to know to stay safe. 

MORE FROM FORBESNew Edge, Firefox, Chrome ‘100’ Updates Will Break Some Websites

Google announced the news in an official blog post, revealing that a total of 28 successful Chrome hacks have been discovered – nine of which are considered ‘High’ level threats. All 28 attacks affect Chrome across all major platforms: Windows, Mac and Linux.

What Are The New Chrome Hacks?

To protect users and buy them time to upgrade, Google is currently restricting information about the new exploits. Consequently, Google has only provided broad categorizations of where the successful attacks have been made:

  • High –  CVE-2022-0789: Heap buffer overflow in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-01-21
  • High –  CVE-2022-0790: Use after free in Cast UI. Reported by Anonymous on 2021-11-26
  • High –  CVE-2022-0791: Use after free in Omnibox. Reported by Zhihua Yao of KunLun Lab on 2021-12-09
  • High –  CVE-2022-0792: Out of bounds read in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2022-01-11
  • High –  CVE-2022-0793: Use after free in Views. Reported by Thomas Orlita on 2022-01-28
  • High –  CVE-2022-0794: Use after free in WebShare. Reported by Khalil Zhani on 2022-02-04
  • High –  CVE-2022-0795: Type Confusion in Blink Layout. Reported by 0x74960 on 2021-12-27
  • High –  CVE-2022-0796: Use after free in Media. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-02-10
  • High –  CVE-2022-0797: Out of bounds memory access in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-12-21

Continuing a long established pattern, hackers are getting most joy with ‘Use-After-Free’ (UAF) exploits. The five successful high-level attacks here bring the total number of Chrome UAF hacks to 31 since the start of 2022. UAF vulnerabilities are memory exploits created when a program…