Chrome's new update patches yet another major exploited vulnerability
These zero-day vulnerabilities are getting a bit rich.
Chrome users may want to get on the latest update as it includes 11 security fixes for the browser. This update may not be as fun as one that has a new logo or improves your RAM, but for anyone with safety in mind it's a pretty important rollout.
According to SecurityWeek, one of the security fixes in the 104.0.5112.101/102 update is for zero-day vulnerabilities—ones that are found by malicious parties before the vendor or owner of the software is aware of them.
In the case of Chrome's latest update, only one out of the 11 fixes appears to be for a zero-day vulnerability, but this is the fifth such exploit patched by Chrome this year. This marks a surge in zero-day exploits that Google has had to cover for.
Other bug fixes in the patch repair several different vulnerabilities regarding use-after-free. This usually refers to programs not clearing memory after use, leaving a pointer that can be exploited by attackers. Given they make up the lion's share of the fixes, it seems these floating points have been a real problem for Chrome.
Best gaming mouse: the top rodents for gaming
Best gaming keyboard: your PC's best friend...
Best gaming headset: don't ignore in-game audio
You can get a look at all the fixes in this patch on Google's official Chrome Releases page. Not only does it tell you what each fix addresses, but also gives credit to those who reported the issue in the first place. Sometimes these are Google employees, but can often include free agents who are looking to help.
What's pretty neat about this list is you can also see what compensation was awarded to the reporters by Google. For example, one use-after-free bug was reported by an anonymous source (to us anyway) and we can see they were paid $5,000 for their troubles. It's nice to see that hunting down exploits in Chrome is at least a little bit rewarding for those looking to do good as well as evil.
The biggest gaming news, reviews and hardware deals
Keep up to date with the most important stories and the best deals, as picked by the PC Gamer team.
Hope’s been writing about games for about a decade, starting out way back when on the Australian Nintendo fan site Vooks.net. Since then, she’s talked far too much about games and tech for publications such as Techlife, Byteside, IGN, and GameSpot. Of course there’s also here at PC Gamer, where she gets to indulge her inner hardware nerd with news and reviews. You can usually find Hope fawning over some art, tech, or likely a wonderful combination of them both and where relevant she’ll share them with you here. When she’s not writing about the amazing creations of others, she’s working on what she hopes will one day be her own. You can find her fictional chill out ambient far future sci-fi radio show/album/listening experience podcast right here. No, she’s not kidding.