Developers fix 37 vulnerabilities in Chrome 97


Google classifies at least one of the 37 security vulnerabilities fixed in version 97.0.4692.71 of the Chrome web browser as critical. The company rates at least ten further vulnerabilities as high, another ten as medium and three as low risk. In the release notification, Google explicitly lists 24 vulnerabilities reported by external security researchers, along with their severity. Google gives no details on the other 13 vulnerabilities.

In general, Google remains extremely sparing with details of the vulnerabilities that have been fixed. The vendor gives only a very brief summary and risk rating, from which only rough conclusions can be drawn. For example, attackers could probably have abused a use-after-free flaw in Storage, an API for storing data, to inject malicious code. At least, that is what the “critical” rating suggests.

Use-after-free vulnerabilities classified as high risk were found in the screen capture routines, sign-in, SwiftShader, PDF and Autofill. Here, too, it can be assumed that attackers could have abused them to execute malicious code. In addition, security researchers found heap buffer overflows rated as high risk, and thus probably with similar damage potential, for example in the Media Streams API, Bookmarks and ANGLE (a graphics engine abstraction layer) components.

The developers list further brief notes on the fixed vulnerabilities in the Google Chrome release blog. They also write there that they have implemented further fixes for vulnerabilities found through internal audits, fuzzing and other initiatives. This probably refers to the 13 vulnerabilities that are missing from the list above.

To check whether the current version of Chrome is already running, click on the three dots in the top right corner of the address bar to open the browser menu. Under “Help”, a click on “About Google Chrome” opens the version dialog. The dialog either shows the current version or triggers the download of the update. When the process is complete, a button appears asking you to restart the browser. Chrome users should do this promptly.
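For administrators who collect version strings from many machines rather than clicking through the dialog, the same check can be scripted. The following is an added example, not part of the original article or of Google's tooling; the host names and version lines are constructed, and the "Google Chrome <version>" input format is an assumption.

```python
import re

# Fixed release named in the article.
FIXED = (97, 0, 4692, 71)

# Chrome versions have four numeric parts: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def needs_update(text, fixed=FIXED):
    """True if the version in text is older than fixed, None if unparseable."""
    version = parse_version(text)
    if version is None:
        return None
    # Tuples of ints compare part by part, which avoids the string-compare
    # traps ("8" > "71", "100" < "97").
    return version < fixed


# Constructed sample inventory (hypothetical hosts and collected output).
SAMPLE = {
    "ws-01": "Google Chrome 97.0.4692.71",
    "ws-02": "Google Chrome 96.0.4664.110",
    "ws-03": "Google Chrome 97.0.4692.8 beta",  # patch 8 is older than 71
    "ws-04": "Google Chrome 100.0.4896.60",     # major 100 is newer than 97
    "ws-05": "chrome: command not found",       # no version collected
}


def audit(inventory):
    """Group hosts into outdated / current / unknown."""
    report = {"outdated": [], "current": [], "unknown": []}
    for host, output in sorted(inventory.items()):
        result = needs_update(output)
        key = "unknown" if result is None else "outdated" if result else "current"
        report[key].append(host)
    return report


if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the "unknown" group should be followed up manually rather than assumed to be patched.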


(dmk)
