Chrome 102 Patches 32 Vulnerabilities

Google is preparing to promote Chrome 102 to take its place after releasing Chrome 101 just over a month ago. The new Chrome release is chock-full of developer-oriented features, which isn’t necessarily negative. Instead, it means that online programs and applications will only get more powerful in the next few years. 

More web app improvements, new keyboard shortcuts for tabs, and vital information about online retailers are all included in Chrome 102. Some of these improvements are discussed below.

Intelligent shortcut for android 

Many Chrome 101 Android users have noticed a new smart third shortcut to the right of the address bar, and it’s safe to anticipate that Google will improve it in Chrome 102. Depending on what you’re most likely to use, the shortcut will display as a button for sharing, voice search, or starting a new tab.

You can reorder tabs with keyboard shortcuts

Switching between tabs and scrolling back and forth in your browsing history are just a few things you can do with your keyboard in Chrome. Another much-needed keyboard shortcut is finally joining the list of existing ones. 

You may now use your keyboard to reorder tabs. This feature is only available in Chrome 102 for Windows and macOS. To move a tab, use ctrl+shift and then either page up or page down. You’ll need to utilize ctrl+shift+fn with an arrow up or down on a Mac keyboard.

Online store information and ratings

one of the few user-facing modifications Google is working on for this version is this. Google is experimenting with providing more information about online stores that users may have never visited before, making it much easier to evaluate whether a store is authentic and giving them access to Google ratings.

Chrome 102 vulnerabilities

Despite these improvements, Chrome 102 has patched 32 vulnerabilities, including severe weaknesses discovered by unnamed researchers.

The critical security flaw, known as CVE-2022-1853, is a use-after-free flaw that affects Indexed DB. As of now, the bug bounty for this vulnerability is yet to be determined.

Chrome 102 is also working to fix eight high-severity flaws discovered by other outside researchers. Another severe vulnerability is CVE-2022-1854, a use-after-free flaw affecting the browser’s ANGLE component. The issue was discovered on May 12th by researcher SeongHwan Park won a $10,000 reward from google.

Use-After-Free (UAF) is a vulnerability that occurs when dynamic memory is used incorrectly during program execution. Suppose a program does not delete the pointer to a memory address after freeing it. An attacker can use the fault to hijack the program, leading to data corruption, DoS attacks, or arbitrary code execution.

Several researchers have benefited from their discoveries of vulnerabilities in the new chrome 102. For instance, the researcher who discovered a use after free messaging vulnerability tracked as CVE-2022-1855 earned $7,500, while one who discovered CVE-2022-1856 as a fault in User Education was awarded $3,000.

External researchers reported fifteen vulnerabilities, given a severity grade of “medium” or “low.” It’s worth noting that three of the medium-severity flaws were awarded $5,000, while one of the low-severity faults was awarded $7,000.

While there is no evidence that these flaws have been used in malicious attacks, consumers must maintain their browsers up to date because threat actors frequently use them in their operations.

According to Google, three Chrome vulnerabilities have been used in attacks so far this year.

In March, Google acknowledged that there had been an increase in Chrome zero-day exploits, with 14 security flaws exploited in 2021. In its defense, the company stated that some of the factors contributing to this trend include Chrome’s popularity, improved transparency, the necessity to link many weaknesses for a single exploit, and the web browser becoming more sophisticated, 

Even though it is impossible to create a perfect web browser, the Google team needs to step up their game to protect users at all times. Vulnerabilities can lead to significant losses, especially to victims of cyber attackers taking advantage of these faults.