Google has rolled out a new update for the Chrome browser that includes 37 security fixes. Of these 37, one was rated critical, while 10 were categorised as high severity. About 24 of these were reported by external researchers. Most of these researchers were given between $1000 and $10000 as a reward for finding the vulnerabilities.
“We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel,” wrote Prudhvikumar Bommana, Technical Program Manager at Google Chrome, in a blog post on Tuesday.
The update, Chrome 97.0.4692.71, contains a fix for the critical use-after-free (UAF) vulnerability CVE-2022-0096. A UAF is a vulnerability caused by the incorrect use of dynamic memory while a program is running, in which the program continues to use memory after it has been freed; hackers can use it to gain access to the program.
Other UAFs reported are CVE-2022-0098, 0099, 0103, 0105 and 0106. CVE stands for Common Vulnerabilities and Exposures; in cybersecurity parlance, it is used to tag publicly disclosed digital security flaws.
Google, however, did not mention if any of the reported vulnerabilities were exploited.
The updates are expected to reach users automatically, but enterprise customers will need to get in touch with their respective admins to ensure that the update is pushed.
The last security patches were released by Google on December 13 last year, when five security fixes were deployed, all reported by external researchers. These are CVE-2021-4099, 4100, 4101 and 4102.
Most of these vulnerabilities are detected using open-source tools such as UndefinedBehaviorSanitizer, AddressSanitizer, MemorySanitizer, Control-Flow Integrity, and libFuzzer, among others.