Serious Discussion Google Chrome Stable Channel Updates

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,256
Google released a new version of its Chrome web browser to the public. The new version of the web browser, Chrome 97.0.4692.99, is a security update that addresses 26 different issues in the browser, including one rated critical. Chrome Extended Stable has been updated as well to address the issues.
 

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
Google Chrome 98.0.4758.80/81/82 Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 98 to the stable channel for Windows, Mac and Linux. Chrome 98 is also promoted to our new extended stable channel for Windows and Mac. This will roll out over the coming days/weeks.

Chrome 98.0.4758.80/81/82 for windows and 98.0.4758.80 for mac and linux contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 98.

Security Fixes and Rewards

This update includes 27 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$20000][1284584] High CVE-2022-0452: Use after free in Safe Browsing. Reported by avaue at S.S.L. on 2022-01-05

[$20000][1284916] High CVE-2022-0453: Use after free in Reader Mode. Reported by Rong Jian of VRI on 2022-01-06

[$12000][1287962] High CVE-2022-0454: Heap buffer overflow in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2022-01-17

[$7500][1270593] High CVE-2022-0455: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2021-11-16

[$7000][1289523] High CVE-2022-0456: Use after free in Web Search. Reported by Zhihua Yao of KunLun Lab on 2022-01-21

[$5000][1274445] High CVE-2022-0457: Type Confusion in V8. Reported by rax of the Group0x58 on 2021-11-29

[$1000][1267060] High CVE-2022-0458: Use after free in Thumbnail Tab Strip. Reported by Anonymous on 2021-11-05

[$TBD][1244205] High CVE-2022-0459: Use after free in Screen Capture. Reported by raven (@raid_akame) on 2021-08-28

[$7500][1250227] Medium CVE-2022-0460: Use after free in Window Dialog. Reported by 0x74960 on 2021-09-16

[$3000][1256823] Medium CVE-2022-0461: Policy bypass in COOP. Reported by NDevTK on 2021-10-05

[$2000][1270470] Medium CVE-2022-0462: Inappropriate implementation in Scroll. Reported by Youssef Sammouda on 2021-11-16

[$1000][1268240] Medium CVE-2022-0463: Use after free in Accessibility. Reported by Zhihua Yao of KunLun Lab on 2021-11-09

[$1000][1270095] Medium CVE-2022-0464: Use after free in Accessibility. Reported by Zhihua Yao of KunLun Lab on 2021-11-14

[$1000][1281941] Medium CVE-2022-0465: Use after free in Extensions. Reported by Samet Bekmezci @sametbekmezci on 2021-12-22

[$TBD][1115460] Medium CVE-2022-0466: Inappropriate implementation in Extensions Platform. Reported by David Erceg on 2020-08-12

[$TBD][1239496] Medium CVE-2022-0467: Inappropriate implementation in Pointer Lock. Reported by Alesandro Ortiz on 2021-08-13

[$TBD][1252716] Medium CVE-2022-0468: Use after free in Payments. Reported by Krace on 2021-09-24

[$TBD][1279531] Medium CVE-2022-0469: Use after free in Cast. Reported by Thomas Orlita on 2021-12-14

[$TBD][1269225] Low CVE-2022-0470: Out of bounds memory access in V8. Reported by Looben Yang on 2021-11-11
 

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
Google Chrome 98.0.4758.102 Stable Channel Update for Desktop
The Stable channel has been updated to 98.0.4758.102 for Windows, Mac and Linux which will roll out over the coming days/weeks. Extended stable channel has also been updated to 98.0.4758.102 for Windows and Mac which will roll out over the coming days/weeks

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 11 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$15000][1290008] High CVE-2022-0603: Use after free in File Manager. Reported by Chaoyuan Peng (@ret2happy) on 2022-01-22

[$7000][1273397] High CVE-2022-0604: Heap buffer overflow in Tab Groups. Reported by Krace on 2021-11-24

[$7000][1286940] High CVE-2022-0605: Use after free in Webstore API. Reported by Thomas Orlita on 2022-01-13

[$7000][1288020] High CVE-2022-0606: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-01-17

[$TBD][1250655] High CVE-2022-0607: Use after free in GPU. Reported by 0x74960 on 2021-09-17

[$NA][1270333] High CVE-2022-0608: Integer overflow in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-11-16

[$NA][1296150] High CVE-2022-0609: Use after free in Animation. Reported by Adam Weidemann and Clément Lecigne of Google's Threat Analysis Group on 2022-02-10

[$TBD][1285449] Medium CVE-2022-0610: Inappropriate implementation in Gamepad API. Reported by Anonymous on 2022-01-08

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild.
 

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,256
The vulnerability CVE-2022-0609, Use after free in Animation, is actively exploited according to Google. Google does not mention how widespread the attacks are. Chrome users may want to update to the latest version as soon as possible to protect their browsers and data from potential attacks targeting the vulnerability.

It is unclear if other Chromium-based browsers are affected. Since the vulnerability is related to Animation, it seems likely that other Chromium-based browsers are also affected by it. Expect security updates for these browsers as well in the coming days and weeks (if affected).
 

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
Google Chrome 99.0.4844.51 Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 99 to the stable channel for Windows, Mac and Linux.This will roll out over the coming days/weeks.

Chrome 99.0.4844.51 for Windows,Mac and Linux contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 99.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 28 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$10000][1289383] High CVE-2022-0789: Heap buffer overflow in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-01-21

[$7000][1274077] High CVE-2022-0790: Use after free in Cast UI. Reported by Anonymous on 2021-11-26

[$7000][1278322] High CVE-2022-0791: Use after free in Omnibox. Reported by Zhihua Yao of KunLun Lab on 2021-12-09

[$7000][1285885] High CVE-2022-0792: Out of bounds read in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2022-01-11

[$7000][1291728] High CVE-2022-0793: Use after free in Views. Reported by Thomas Orlita on 2022-01-28

[$7000][1294097] High CVE-2022-0794: Use after free in WebShare. Reported by Khalil Zhani on 2022-02-04

[$5000][1282782] High CVE-2022-0795: Type Confusion in Blink Layout. Reported by 0x74960 on 2021-12-27

[$5000][1295786] High CVE-2022-0796: Use after free in Media. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-02-10

[$NA][1281908] High CVE-2022-0797: Out of bounds memory access in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-12-21

[$15000][1283402] Medium CVE-2022-0798: Use after free in MediaStream. Reported by Samet Bekmezci @sametbekmezci on 2021-12-30

[$10000][1279188] Medium CVE-2022-0799: Insufficient policy enforcement in Installer. Reported by Abdelhamid Naceri (halov) on 2021-12-12

[$7000][1242962] Medium CVE-2022-0800: Heap buffer overflow in Cast UI. Reported by Khalil Zhani on 2021-08-24

[$5000][1231037] Medium CVE-2022-0801: Inappropriate implementation in HTML parser. Reported by Michał Bentkowski of Securitum on 2021-07-20

[$3000][1270052] Medium CVE-2022-0802: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2021-11-14

[$3000][1280233] Medium CVE-2022-0803: Inappropriate implementation in Permissions. Reported by Abdulla Aldoseri on 2021-12-15

[$2500][1264561] Medium CVE-2022-0804: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2021-10-29

[$2000][1290700] Medium CVE-2022-0805: Use after free in Browser Switcher. Reported by raven at KunLun Lab on 2022-01-25

[$1000][1283434] Medium CVE-2022-0806: Data leak in Canvas. Reported by Anonymous on 2021-12-31

[$TBD][1287364] Medium CVE-2022-0807: Inappropriate implementation in Autofill. Reported by Alesandro Ortiz on 2022-01-14

[$TBD][1292271] Medium CVE-2022-0808: Use after free in Chrome OS Shell. Reported by @ginggilBesel on 2022-01-29

[$TBD][1293428] Medium CVE-2022-0809: Out of bounds memory access in WebXR. Reported by @uwu7586 on 2022-02-03
 

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,256
Chrome 99 will change the implementation of the JavaScript (JS) adoptedStyleSheets specification. This previously used the FrozenArray backing array but will now leverage ObservableArray. The new methods will make it easier to mutate JS arrays. While this is all quite technical, the arguably interesting thing for our readers would be that changes to this specification have been debated between Microsoft, Mozilla, Apple, and Google since 2018.
 

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
Chrome 99 lets you Uninstall Web Apps from Windows Settings and remove default Search engines
The update comes with two significant changes:
  • New feature related to PWAs integration with the Windows platform,
  • Reverts the previous change to allow removal of default Search engines.
 

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,256

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,256
Starting in Chrome 99, Google reintroduced the ability to delete default search engines in Chrome. Chrome users may once again select the menu icon next to the search engine that they want to remove to bring up the context menu with the delete option.

chrome remove default search engine


Selecting the delete option removes the search engine immediately. The default search engine can't be removed, but it is easy enough to make any search engine the default to get rid of all others.
 

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
Google Chrome 99.0.4844.74 Stable Channel Update for Desktop
The Stable channel has been updated to 99.0.4844.74 for Windows, Mac and Linux which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 11 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
[$NA][1299422] Critical CVE-2022-0971: Use after free in Blink Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-02-21

[$NA][1301320] High CVE-2022-0972: Use after free in Extensions. Reported by Sergei Glazunov of Google Project Zero on 2022-02-28

[$15000][1297498] High CVE-2022-0973: Use after free in Safe Browsing. Reported by avaue and Buff3tts at S.S.L. on 2022-02-15

[$7000][1291986] High CVE-2022-0974 : Use after free in Splitscreen. Reported by @ginggilBesel on 2022-01-28

[$7000][1295411] High CVE-2022-0975: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-02-09

[$7000][1296866] High CVE-2022-0976: Heap buffer overflow in GPU. Reported by Omair on 2022-02-13

[$3000][1299225] High CVE-2022-0977: Use after free in Browser UI. Reported by Khalil Zhani on 2022-02-20

[$TBD][1299264] High CVE-2022-0978: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-02-20

[$TBD][1302644] High CVE-2022-0979: Use after free in Safe Browsing. Reported by anonymous on 2022-03-03

[$TBD][1302157] Medium CVE-2022-0980: Use after free in New Tab Page. Reported by Krace on 2022-03-02

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
 

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
Google Chrome 99.0.4844.82 Stable Channel Update for Desktop
The Stable channel has been updated to 99.0.4844.82 for Windows, Linux and 99.0.4844.83 for Mac which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log.
 

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
Google Chrome 99.0.4844.84 Stable Channel Update for Desktop
The Stable channel has been updated to 99.0.4844.84 for Windows, Mac and Linux which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$TBD][1309225] High CVE-2022-1096: Type Confusion in V8. Reported by anonymous on 2022-03-23

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Google is aware that an exploit for CVE-2022-1096 exists in the wild.
 

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,256
" Chrome 100 will start rolling out in the later hours of today. "
Chrome 100 is updating the way cookie strings are parsed by allowing the domain attribute to be set to an empty string. This modification will bring Chrome in line with standard specifications and also improve interoperability with Safari and Firefox, which already handle empty strings correctly.

The multi-screen window placement APIs are being enhanced to cater to modern use-cases by providing more information about secondary screens instead of being tied just to the primary display. Google says that this will unlock the following scenarios in terms of accurate window placement:
  • A slideshow app presenting on a projector, while showing speaker notes on a laptop screen.
  • A financial app opening a dashboard of windows across multiple monitors.
  • A medical app opening images (for example, x-rays) on a high-resolution grayscale display.
  • A creativity app showing secondary windows (for example, a palette) on a separate screen.
  • Multi-screen layouts in gaming, signage, artistic, and other types of apps.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top