A security update for Google Chrome 96 is out – Ghacks Technology News

Google released an update for Google Chrome 96, the company’s web browser, today for all supported desktop operating systems and for the company’s Android platform.chrome 96 security updateThe new version of Google Chrome is a security update that patches 20 different security issues, many of which rated high, the second-highest rating after critical.
Chrome is rolled out automatically on all supported platforms by default. Desktop users may speed up the discovery of the new update by selecting Menu > Help > About Google Chrome, or by loading chrome://settings/help directly. The page that opens lists the version of the browser that is installed currently, and it will run a check for updates to download and install the latest version of the browser.
Android users may open the page as well, but the download of updates is powered by Google Play, which means that updates can’t be expedited this way.
The Chrome releases blog lists all security issues that were reported by external researchers. Most were reported to Google in November, some in October and one in August of 2021.
[$15000][1267661] High CVE-2021-4052: Use after free in web apps. Reported by Wei Yuan of MoyunSec VLab on 2021-11-07
[$10000][1267791] High CVE-2021-4053: Use after free in UI. Reported by Rox on 2021-11-08
[$5000][1239760] High CVE-2021-4054: Incorrect security UI in autofill. Reported by Alesandro Ortiz on 2021-08-13
[$1000][1266510] High CVE-2021-4055: Heap buffer overflow in extensions. Reported by Chen Rong on 2021-11-03
[$TBD][1260939] High CVE-2021-4056: Type Confusion in loader. Reported by @__R0ng of 360 Alpha Lab on 2021-10-18
[$TBD][1262183] High CVE-2021-4057: Use after free in file API. Reported by Sergei Glazunov of Google Project Zero on 2021-10-21
[$TBD][1267496] High CVE-2021-4058: Heap buffer overflow in ANGLE. Reported by Abraruddin Khan and Omair on 2021-11-06
[$TBD][1270990] High CVE-2021-4059: Insufficient data validation in loader. Reported by Luan Herrera (@lbherrera_) on 2021-11-17
[$TBD][1271456] High CVE-2021-4061: Type Confusion in V8. Reported by Paolo Severini on 2021-11-18
[$TBD][1272403] High CVE-2021-4062: Heap buffer overflow in BFCache. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-11-22
[$TBD][1273176] High CVE-2021-4063: Use after free in developer tools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-11-23
[$TBD][1273197] High CVE-2021-4064: Use after free in screen capture. Reported by @ginggilBesel on 2021-11-23
[$TBD][1273674] High CVE-2021-4065: Use after free in autofill. Reported by 5n1p3r0010 on 2021-11-25
[$TBD][1274499] High CVE-2021-4066: Integer underflow in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2021-11-29
[$TBD][1274641] High CVE-2021-4067: Use after free in window manager. Reported by @ginggilBesel on 2021-11-29
[$500][1265197] Low CVE-2021-4068: Insufficient validation of untrusted input in new tab page. Reported by NDevTK on 2021-10-31
No critical rating has been assigned, but most issues are rated as high. The issues don’t seem to be exploited in the wild, as Google mentions that usually in the release announcement.
The Android version includes stability and performance updates according to Google. It is unclear if security issues were patched in the Android version as well; none are mentioned on the release blog post.
Most Chromium-based browsers are affected by at least some of these vulnerabilities as well. Expect other browsers, such as Microsoft Edge or Brave, to release security updates soon as well that address the issues.
Now You: When do you update your browsers?
I hate Chrome.
I use it for streaming news TV only, nothing else.
It never updates, I just get the common update error and I have to run the installer every time.
What a piece of turd ware.
https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=2129022708
we’re going to need a bigger spreadsheet for chrome|ium’s zero days in the wild
you know your chrome is secure when you see large amounts of High CVEs every release. This release there’s only 15
@Pelican-Man
Your browser: 3% market share
Chromium, mostly Chrome: 80% market share
Guess who is the most attractive target, guess who gets more scrutiny…
I can assure you Safari has more than 3% share. I fail to see why you think chromium is more secure. You are not a security expert, security is a many layered thing and trying to compare them in totality and state one is better than the other just shows you are ignorant
welp chromium is open source no?whats that word again, the thing about bug found faster fixed faster equal to more “secure” stuff. i thought that what it supposed to be…so this is good no? unless open sourcing stuff doesnt make it any diff at all.
@Safety-Man
> I can assure you Safari has more than 3% share
Yeah, but Safari is not your browser, buddy. You are constantly shilling for Firefox.
> I fail to see why you think chromium is more secure. You are not a security expert, security is a many layered thing and trying to compare them in totality and state one is better than the other just shows you are ignorant
Compare the many layers then:
https://madaidans-insecurities.github.io/firefox-chromium.html
Can’t wait for your results, mate. Chromium is undisputedly more secure.
@Iron Heart
The thing you imply by comparing market share is generally correct, however….
Check out that list:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/
An overall number of CVE is similar, just 6 high, 5 moderate, 2 low. We may bet that in the next batch of FF/Chrome roles may be opposite, or one of it may double the other. It just shows, that both browsers are similar in that regard. Both have vulnerabilities. And both get them fixed, even with sooo disproportional resources. And I draw my personal conclusion on that as well.
I update the stable version of a browser within 24 hours of its release. Lately I have not had time to explore beta versions.
“When do you update your browsers?”
Just set up three android phones and one of the first things I did before installing sims or going online was disabling Chrome. I have one stripped out Chromium on desktop that’s updated whenever, even that is severely junked out these days. Chrome and Chredge are banned.
I mean, C’mon, Android 12 is 13 GB? Why? It takes an hour to disable all the crapware in it. Same with iOS except even more junkware. The better CPU’s get, the crummier so called OS’s get.
I’m a bit amazed that the mass of users put up with all the ads and nagging in mainstream devices. This is what now passes for entertainment?
I disabled it on Android and use the Samsung browser, which is pretty good nowadays, with Adguard extension and Blokada.
Ages ago I uninstalled Chrome. I remember when it first came out it was a great fast browser on XP and Millennium. IE6 was a nice virus enabler, Firefox was insanely slow on my stone age laptop, but with Chrome I could go to… the internet again.
@Sebas
Isn’t Samsung Browser based on chromium?





Please click on the following link to open the newsletter signup page: Ghacks Newsletter Sign up
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.

source