Google distributed an update to the desktop version of Chrome yesterday (October 28) that fixes eight security vulnerabilities

The update brings the version of Chrome for Windows, Mac, and Linux to 950463869 Windows and Mac users can usually install the update simply by restarting their browser, while Linux users may need to wait until their distribution bundles the update into their normal update package 3]

Otherwise, click on the three vertical dots in the upper right corner of the browser window, move the mouse down, and click Help, You can force Chrome to update Click "About Google Chrome" from the menu that appears, and a new tab will appear, indicating that Chrome is up-to-date or an update will be downloaded

The first of the two patched zero-day flaws involves "insufficient validation of untrusted input in Intents," a protocol Chrome uses to find the best web app to handle a particular purpose (vulnerability CVE-2021-38000 (cataloged as CVE-2021-38000) The other allows "improper implementation in V8," Chrome's JavaScript engine (cataloged as vulnerability CVE-2021-38003)

The former allows web apps to prank, while the latter presumably allows websites to do the same Google has said nothing further

Since the reporters of these flaws all work for Google, they probably will not get bug bounties However, Wei Yuan of MoyunSec VLab found a "use-after-free" bug in Chrome's sign-in protocol and won $10,000

Use-after-free means that the memory space was not properly reallocated after the protocol finished using it, which could allow a malicious program to literally break into the memory space

The other four flaws also involve use-after-free issues, insufficient validation, V8, or a combination thereof Google has said nothing about the eighth vulnerability being patched

Several other browsers that share the Chrome and Chromium open source foundation have also been updated to newer versions, including Brave and Microsoft Edge (Like Chrome, they can be updated by restarting) Other browsers, such as Opera and Vivaldi, are not quite there yet

Google has already patched more than 10 zero-day flaws in this exceptionally busy year Whether this is a good thing, indicating that more defects will be discovered, or a bad thing, potentially leading to more zero-day in general, is not known

Below is a list of recent Chrome desktop updates