Chrome users may want to get on the latest update as it includes 11 security fixes for the browser. This update may not be as fun as one that has a new logo (opens in new tab) or improves your RAM (opens in new tab)but for anyone with safety in mind it’s a pretty important rollout.
According to SecurityWeek (opens in new tab)one of the security fixes in the 104.0.5112.101/102 update is for zero-day vulnerabilities—ones that are found by malicious parties before the vendor or owner of the software is aware of them.
In the case of Chrome’s latest update, only one out of the 11 fixes appears to be for a zero-day vulnerability, but this is the fifth such exploit patched by Chrome this year. This marks a rise in zero-day exploits that Google has had to cover for.
Other bug fixes in the patch repair several different vulnerabilities regarding use-after-free. This usually refers to programs not clearing memory after use, leaving a pointer that can be exploited by attackers. Given that they make up the lion’s share of the fixes, it seems these floating points have been a real problem for Chrome.
You can get a look at all the fixes in this patch on Google’s official Chrome Releases page (opens in new tab). Not only does it tell you what each fix addresses, but also gives credit to those who reported the issue in the first place. Sometimes these are Google employees, but can often include free agents who are looking to help.
What’s pretty neat about this list is you can also see what compensation was awarded to the reporters by Google. For example, one use-after-free bug was reported by an anonymous source (to us anyway) and we can see they were paid $5,000 for their troubles. It’s nice to see that hunting down exploits in Chrome is at least a little bit rewarding for those looking to do good as well as evil.