Chrome 100.0.4896.88 update available

Google has released version 100.0.4896.88 of the Chrome web browser for Linux, Mac and Windows and the update fixes eleven security vulnerabilities. Attackers could probably inject and execute malicious code through the vulnerabilities when visiting manipulated websites.

As usual, Google is not releasing detailed information about the vulnerabilities to give administrators and users time to update. With such information, attackers could otherwise develop exploits that exploit the vulnerability more quickly.

The Chrome Release Blog indicates that some of the vulnerabilities are of the use-after-free type. The program code uses pointers or memory areas after they have actually been freed. It is undefined what is there in memory, but attackers can often place their own code there, which is then executed.

Eight of the vulnerabilities are classified by Google as high risk, making potential code smuggling likely.

Google will distribute the update automatically in the coming days. To prevent attackers from exploiting the vulnerabilities in the meantime, users should check for themselves whether the Chrome browser is up to date.

Google Chrome users can access the settings menu by clicking on the symbol with the three vertically lined up dots at the top right next to the address bar. There you will find under *Help" / About Google Chrome the dialog with the current installed version. If an update is available, this may trigger the download and installation. The web browser must then be restarted. In Linux distributions, administrators usually have to start the update function of the package management once.

One week ago, Google already published a Chrome update that fixed a security vulnerability. Since components are affected by the now closed vulnerabilities that, like the JavaScript engine V8, are also part of the open source Chromium project, web browsers based on them, such as Microsoft Edge, will also receive updates soon.