Stay Secure: Google Chrome 120 Security Update Overview
Just hours ago, Google unveiled its latest weekly security update for the Chrome web browser, aimed at enhancing user protection. This update, applicable to both Chrome Stable and Chrome Extended Stable, addresses a total of **nine security vulnerabilities** without introducing non-security modifications.
Why You Should Update Immediately
Updating your Chrome browser is paramount. Despite the capability for Chrome to handle automatic updates, it may take days or even weeks for these updates to reach every installation. Therefore, for immediate protection, it’s advisable to check for updates manually.
How to Update Your Chrome Browser
To ensure your browser is updated without delay, follow these simple steps:
- Open a new tab in Chrome.
- Enter
chrome://settings/helpin the address bar. - Chrome will display its current version and concurrently check for any available updates.
- If an update is available, it will commence downloading and install automatically.
- A restart of the browser is required to finalize the update process.
After successfully updating, the current version should reflect one of the following:
- Chrome for macOS, Linux, or Windows: 120.0.6099.109
- Chrome Extended for macOS and Windows: 120.0.6099.109
What’s New in Chrome 120
Released just last week, Chrome 120 introduced significant changes alongside security improvements. Noteworthy updates include:
- Discontinuation of support for Android 7 Nougat devices.
- A proactive Safety Check feature to fortify user security.
- Integration of URL-based signals within the Permission Suggestion Service.
- Enhanced capability to share passwords within Family Group accounts.
Addressed Vulnerabilities in the Latest Update
This security update resolves nine vulnerabilities, six of which have been disclosed on the official Chrome Releases website. The details of these vulnerabilities are as follows:
- [$16,000][1501326] High CVE-2023-6702: Type Confusion in V8 – Reported by Zhiyi Zhang and Zhunki from Codesafe Team at Qi’anxin Group on 2023-11-10.
- [$7,000][1502102] High CVE-2023-6703: Use after free in Blink – Reported by Cassidy Kim (@cassidy6564) on 2023-11-14.
- [$7,000][1504792] High CVE-2023-6704: Use after free in libavif – Reported by Fudan University on 2023-11-23.
- [$7,000][1505708] High CVE-2023-6705: Use after free in WebRTC – Reported by Cassidy Kim (@cassidy6564) on 2023-11-28.
- [$6,000][1500921] High CVE-2023-6706: Use after free in FedCM – Reported by anonymous on 2023-11-09.
- [$7,000][1504036] Medium CVE-2023-6707: Use after free in CSS – Reported by @ginggilBesel on 2023-11-21.
Most vulnerabilities have a high severity rating, second only to critical vulnerabilities, emphasizing the urgency of the update. Many of the security flaws pertain to use-after-free vulnerabilities across various components like WebRTC, libavif, and CSS.
Be Proactive About Your Security
As of now, Google indicates no known exploits are actively targeting the resolved vulnerabilities. However, the risk of future exploits makes immediate updates crucial. Staying updated enhances your browser’s defense against potential threats.
Now You: Do you use Google Chrome?
Additional Insights
1. How do I know if my Chrome browser is up to date?
You can check your Chrome browser’s version by going to chrome://settings/help in the address bar. It will display both the current version and whether any updates are available.
2. What are ‘use after free’ vulnerabilities?
‘Use after free’ vulnerabilities occur when a program continues to use a memory location after it has been freed. This can allow attackers to manipulate the already deallocated memory, leading to potential exploits.
3. What should I do if my Chrome update fails to install?
If your Chrome update fails, try restarting the browser, then go back to chrome://settings/help to check again. If issues persist, consider reinstalling Chrome or checking your internet connection.
Leave a Reply