May 11 Update: This post was originally published on May 10
I spoke too soon when I reported that Google had shown off a relatively infrequent update reserved for Android users of the Chrome browser. Windows, Linux, and Mac users can no longer breathe easy and now want to check that their Chrome browsers are up to date as soon as possible. Why the change? Because Google has now shown that billions of users of the most popular Internet browser on the planet are affected by the latest security vulnerabilities.
In a May 10 announcement via Prudhvikumar Bommana of the Google Chrome team, it was shown that the same nine vulnerabilities that triggered the Android security update warning were also rolled out to the desktop browser on all platforms. In fact, there are thirteen security patches in total, as I first reported, however, only nine have gained CVE numbers. It is not known at this time why there was a delay between the confirmation of the two updates, however, I will search to locate and report. While none of the leaked vulnerabilities this time are zero-day, meaning there’s no evidence that attackers are already exploiting them, that doesn’t explain why indulge. So update your Chrome browser as soon as you can.
In the case of the desktop browser, this means going to the Help option | Under About your Google Chrome menu. The update will start downloading automatically if available. The full main points can be found here, but the most important thing is to restart the browser or the update will not be enabled. The edition that includes the desktop consumer security content is 101. 0. 4951. 64.
Users of other Internet browsers powered by Chromium, such as Brave and Edge, should also be aware that security updates will likely be maintained in the coming days. I will update this article as soon as I can verify that those updates have been rolled out, with commands on what you want to do. Of course, Chrome for Android users also make sure the app is up to date, as shown below.
May 12 Update: This post was originally published on May 10
There were no actively exploited zero-day vulnerabilities affecting the open-source chrome mapping that sits at the center of the Google Chrome browser. Of course, this is good news. In addition to the fact that the Chrome security update is already being rolled out for the desktop and Android versions, and you can force the installation if your browser has not yet been updated automatically. Instructions for doing so are included below.
I’m pleased to announce that there’s more smart news: the Brave and Opera browser, which also rely on a Chromium base, can now be updated to protect themselves from the heap of high-severity vulnerabilities. I use Brave as the number one browser of choice in those days, mostly because in addition to the privacy aspects it offers so well, it tends to make those vital security updates available quite temporarily after Google’s initial disclosure. Opera is also regularly fast in this regard.
Which brings me to the bad news for users of the world’s most popular desktop browser, Microsoft Edge. At the time of writing, and I reviewed every hour today, about 48 hours after the announcement of the Google Chrome update, Edge users may still not update their browser security. It’s not that Microsoft is rarely very aware of vulnerabilities, of course, and a quick review of the Microsoft Edge security update release notes confirms that. security patches. We are actively working on the release of a security patch. “
I contacted Microsoft to ask what the reasons for this delay are, and in fact, why Microsoft Edge users still seem to have to wait longer than Chrome, Brave, or Opera users to avoid known vulnerabilities. Microsoft’s press service assures me that they will take a look at the matter for me, so I hope I can provide you with an answer in due course. However, in the meantime, I recommend that you stick to the commands detailed below to be on the lookout (no pun intended) for the arrival of the security patch. As with all Chromium-based browsers, downloading and installing the update alone is not enough; You want to restart the browser before it can be installed and start protecting yourself from a potential danger.
I sense that Microsoft wants to ensure that the patches it applies are used by a broad user base. You just want to take a look at the scenario with the latest release of Patch Tuesday security updates for Windows users to see evidence of what can go wrong. The most recent May Patch Tuesday update caused authentication issues for several commercial users and an out-of-band update to the original update is expected soon. That said, what I don’t see is why Brave and Opera, despite having smaller user bases and fewer business-critical users, can act with much more haste. In fact, Chrome itself has a much larger user base for business and customer profiles with around 3. 2 billion users in total. While all Chromium-based browsers are different in that they wrap all kinds of proprietary parts around the core code, there has to be a better way. Coordinated release across vendors, with security updates scheduled for simultaneous release, is the ideal solution. I doubt that will happen, especially since the browser market is so competitive, but delays measured in days between security updates for the same vulnerabilities will never get my vote in terms of pure security effectiveness.
Go to the Help option | About your Google Chrome menu, and if the update is available, the download will start automatically. Start over to allow the upgrade.
Go to Help & Feedback| About Microsoft Edge in the three-dot menu of the most sensitive part on the right and if an update is available it will force the procedure to start. Once downloaded and installed, as always, close all tabs and restart your browser.
Head to “About Brave” on the menu of the smartest burger stack. This will start the procedure for checking, downloading, and installing the update. Restart the browser to activate it.
Instead of searching in the maximum direction to the right as with most browsers, Opera users head to the Opera ‘O’ logo in the maximum direction to the left. Click on it and select Help | About Opera.
Windows, Linux, and Mac users of the Google Chrome browser can breathe for now. This latest security warning is just for smartphone users to switch. In a Chrome update confirmation released on May 9, Google unveiled no fewer than thirteen security patches. Of these, 8 were assigned maximum severity ratings for common vulnerabilities and exposures (CVEs), and one of them scored moderately. The others, 4 in total, are wrapped with a “miscellaneous patch” of ongoing internal security paints that have earned CVE numbers.
Of those that earned ratings, 3 high-severity Chrome for Android security vulnerabilities saw bug bounty bills totaling $11,000 made to security researchers who leaked them. The medium-severity solitary vulnerability earned a premium of $5,000. Four of the others are awaiting a paid financial assessment, however, the amounts have not yet been shown through Google.
As usual, Forbes Straight Talking’s cyber advice is to make sure your smartphone is up to date as soon as possible so that vulnerability patches can be applied. Google said the solution is being rolled out and is expected to be available on Google Play. “in the coming days. ” The updated version, according to Google’s announcement, is Chrome v101. 0. 4951. 61 for Android. At the time of writing, my Samsung Galaxy Note 10 is still in the April 26 update of v101. 0. 4951 . 41 and therefore not patched yet.
The most productive recommendation is to let Google update your app as soon as it’s available. To set this up, go to the three-dot menu in the Google Play app and head to Settings | Network of personal tastes Automatic update of applications.
To check your Chrome for Android edition number, skip to the chrome app’s own three-dot menu and Help & Comments, and then from the three-dot menu, Version Info.
To check the latest version of Google Play, open the app and click on your profile icon in the most sensitive part on the right. From there, you need to manage the apps and device | Updates available.
The nine security vulnerabilities covered through this Chrome update are as follows: Google restricts access to all major points until most users have had a chance to update their browser app.
High severity level:
Mean severity level: