Most of the dangerous bugs are what security folks call use after free flaws, where the browser keeps pointing to a chunk of memory even after it's been cleared out, and an attacker slips in and hijacks that space to run malware.Google's advisory lists at least ten critical rated UAF bugs spread across extensions, GPU handling, WebUSB, the remote desktop tool Chromoting, and even Bluetooth.There's also a type confusion bug in a graphics component called Dawn, plus a handful of validation flaws in iOS web code and rendering tools.One researcher walked away with a thirty six thousand dollar bounty for finding a GPU flaw. And that's not even the top payout Google has ever handed out for a Chrome bug, just the biggest one this round.
Google is keeping most of the technical details under wraps for now, which is standard, they wait until enough people have updated before letting the full writeups go public.It's a smart move, honestly, even if it means researchers have to sit on their findings a while longer.Anyone running Chrome should just let it update automatically, or go into settings and check manually if they're the type who never restarts their browser.Enterprise security teams especially need to move fast here, given how many of the affected components touch extensions and remote access tools that businesses lean on daily.The desktop build number to look for is 150.0.7871.46.
Comments