Google fixes 20 security vulnerabilities in the chromebook-computers-of-2022/">Chrome web browser, some of which are high-risk. In addition, the browser has new functions and improvements.
Google’s developers have patched a total of 20 vulnerabilities in the Chrome 106 web browser. Some of these pose a high risk for users. In addition, some small functional improvements have made it into the new version.
New and improved features
As a new or improved function, Chrome 106 now knows partial text translations. This not only translates an entire website, but only selected text. However, users must disable this function by changing the flag chrome://flags#desktop-partial-translate activate first.
In addition, a new rudimentary RSS reader is also set to return to the desktop version, having recently been made available in the Android version. It can be disabled by setting the flag chrome://flags/#following-feed-sidepanel switch on and shows “Follow website” as a new menu item in the context menu when you right-click on a website.
However, it is still an early version. The developers will certainly do some fine-tuning here. Google removed RSS support from Chrome in 2013 and only started a beta test in the Android version last year.
No in-depth information about gaps
As usual from Google, the company is not yet providing any details on the security gaps to protect users. The security notification from Google only provides a brief summary of some of the leaks.
It shows that the company’s IT specialists classify five of the 20 security gaps as a high level of threat, eight as medium and three as low risk. There are no indications of any kind for four vulnerabilities.
Of the high-risk vulnerabilities, two stand out a bit. These are so-called use-after-free vulnerabilities, in which pointers or memory areas are used although they are no longer assigned and no longer contain any defined content. This can often lead to the execution of injected malicious code. Since these vulnerabilities were found in the CSS and Media components, exploitation was likely to involve visiting a compromised website or playing manipulated media files on websites.
Current software versions
The current version levels of the Chrome stable web browser are as of now 106.0.5249.65 for Android, 106.0.5249.60 for iOS, 106.0.5249.61 for Linux and Mac such as 106.0.5249.61/62 for Windows. In order not to become a victim of attackers for the security gaps, it is advisable to check the version currently in use.
All you have to do is click on Chrome’s settings menu, which is behind the symbol with the three stacked dots to the right of the address bar. There it goes down to “Help” and “About Google Chrome”. The dialog shows the currently used version and, if available, initiates the download and installation of the update. As usual, Linux users have to start the distribution’s own software management. Android and iOS users can open the app stores of their devices and search for updates there.
(dmk)
