Chrome Update Fixes Critical Flaw On Billions Of Windows, Mac And Linux Systems, Patch Now
Google has begun rolling out another update to its Chrome browser on all the major desktop platforms (Windows, Linux, and Mac) and there are at least 32 reasons why you should apply it sooner rather than later. That's the number of security fixes the latest update includes. If you're looking for just one very good reason, though, it would be CVE-2022-1853.
That particular Common Vulnerabilities Exposures (CVE) designation is among the dozens of fixes in the latest patch and carries a "Critical" security rating. There's not much information about the flaw that is being publicly shared yet, just that it's a "Use after free in Indexed DB" vulnerability. However, anything rated as Critical is not to be trifled with.
Generally speaking, IndxedDB is a low-level application programming interface (API) that's built into the browser (Chrome, in this case) that allows for persistently storing large amounts of data in the browser. It's considered more powerful than local storage.
A 'use after free' (UAF) vulnerability relates to an issue with how an application is handling dynamic memory. An attacker can exploit UAFs to inject arbitrary code. You can check out Kaspersky's blog on UAFs, but the gist of it is, they are attack vectors.
In addition to the Critical security flaw, the latest Chrome update patches eight issues that are rated High, nine that are rated Medium, and six rated Low. By our count, including the aforementioned Critical flaw, a dozen of the 32 security holes are UAFs.
You can check out the list of fixes for a rundown of the CVEs, though as is typical, fine grain details about each one are kept under lock and key until a majority of users have applied the update. You should receive it automatically over the coming weeks, but to force the issue (which we recommend), click the three dots in the upper-right corner and navigate to Help > About Google Chrome.
