Windows, Linux and Mac users of the Google Chrome browser can breathe easy for the moment. This latest security warning is directed solely at smartphone users for a change. In a Chrome update confirmation published 9 May, Google has revealed no fewer than 13 security fixes. Of these, eight have been assigned Common Vulnerabilities and Exposures (CVE) severity ratings of high, with one getting a medium scoring. The remainder, four in all, are wrapped up as ‘various fixes’ from ongoing internal security work and have not been given CVE numbers.
$11,000 awarded to security researchers in bug bounty payments
Of those that have been assigned ratings, three high-severity Chrome for Android security vulnerabilities saw bug bounty payments totaling $11,000 made to the security researchers who disclosed them. The solitary medium-severity vulnerability earned a $5,000 bounty payment. Four of the others are in line for a monetary payment but the amounts have yet to be confirmed by Google.
Update to Google Chrome v101.0.4951.61 as soon as you can
As usual, the Forbes Straight Talking Cyber advice is to ensure that your smartphone is updated as soon as possible so that the vulnerability patches can be applied. Google has stated that the fix is rolling out now and should become available on Google Play “over the next few days.” The updated version, according to the Google announcement, is Chrome v101.0.4951.61 for Android. At the time of writing, my Samsung Galaxy Note 10+ is still on the 26 April update of v101.0.4951.41 and so not yet patched.
How to check your Google Chrome for Android version number
The best advice is to let Google update your app as soon as it becomes available. To configure this, go to the three-dot menu in the Google Play app and head for Settings|Network preferences|Auto-update apps.
To check your Chrome for Android version number, go to the three-dot menu in the Chrome app itself and select Help & Feedback, then, from the three-dot menu there, Version Info.
To check Google Play for the latest version, open the app and click on your profile icon at the top right. From here you want Manage apps and device|Updates available.
These are the Chrome security vulnerabilities that have been fixed
The nine security vulnerabilities covered by this Chrome update are as follows. Remember that Google restricts access to the full details until a majority of users have had the chance to update their browser app.
High severity rating:
- CVE-2022-1633: Use after free in Sharesheet.
- CVE-2022-1634: Use after free in Browser UI.
- CVE-2022-1635: Use after free in Permission Prompts.
- CVE-2022-1636: Use after free in Performance APIs.
- CVE-2022-1637: Inappropriate implementation in Web Contents.
- CVE-2022-1638: Heap buffer overflow in V8 Internationalization.
- CVE-2022-1639: Use after free in ANGLE.
- CVE-2022-1640: Use after free in Sharing.
Medium severity rating:
- CVE-2022-1641: Use after free in Web UI Diagnostics.