Google Issues Chrome Security Update Fixing 18 Serious Browser Flaws
Google has released a new Chrome security update addressing 18 vulnerabilities in its desktop browser, including several flaws rated critical or high severity. The update moved the Stable channel to version 149.0.7827.196/197 for Windows and Mac, and 149.0.7827.196 for Linux, with rollout taking place over the coming days and weeks.
The company has released only limited technical detail for now, a standard move intended to reduce the risk of attackers exploiting the bugs before most users have installed the fix. Google said access to bug details may remain restricted until a majority of users have updated, and may also stay limited where third-party libraries are affected.
The most serious issues include four critical vulnerabilities. Two affect WebGL, the browser technology used to render interactive graphics, while others involve Blink Interest Groups and Autofill. The wider patch set also includes high-severity flaws in areas including DeviceBoundSessionCredentials, Autofill, GPU, Navigation, DevTools, Digital Credentials, FileSystem, Web Authentication, Blink, Passwords, Bluetooth and WebView.
A significant share of the update targets use-after-free bugs, a type of memory corruption flaw that occurs when software attempts to access memory after it has already been released. These vulnerabilities can sometimes be used to crash software, steal data or support more serious attacks when chained with other weaknesses. Malwarebytes noted that Google had not indicated the newly patched flaws were being actively exploited in the wild.
The release follows an unusually heavy month of Chrome patching. On June 2, Google promoted Chrome 149 to the Stable channel with 429 security fixes, including multiple critical memory and graphics-related vulnerabilities.
Google followed the 18-fix release with another Stable channel update on June 25, moving Chrome to 149.0.7827.200/201 for Windows and Mac, and 149.0.7827.200 for Linux. That later update included three additional high-severity security fixes involving Mojo, Payments and AdFilter.
Users who do not want to wait for Chrome’s automatic rollout can check for the update manually. The process is to open Chrome’s menu, go to Settings, then About Chrome, where the browser will check for available updates. A restart is needed to complete installation.
The latest wave of fixes underlines how central browser security has become to everyday cyber defence. Chrome is often the first point of contact between users and malicious websites, making prompt updates one of the simplest ways to reduce exposure to fast-moving threats.
