Chrome users may want to get the latest update as it contains 11 security fixes for the browser.This update might not be as interesting as the new logo (opens in new tab) or improve your RAM (opens in new tab)but it’s a very important deployment for anyone with security in mind.
according to Safety Weekly (opens in new tab)one of the security fixes in the 104.0.5112.101/102 update is for zero-day vulnerabilities — vulnerabilities discovered by malicious parties before the software vendor or owner is aware of it.
As far as Chrome’s latest update is concerned, only one of the 11 fixes appears to be for zero-days, but this is the fifth of its kind that Chrome has patched this year. This marks a surge in zero-day attacks that Google has had to cover up.
Other bug fixes in the patch fix several different exploits regarding post-release usage. This usually means that the program did not clear the memory after use, leaving a pointer that could be exploited by an attacker. Given that they make up the lion’s share of fixes, these floats seem to be a real problem for Chrome.
You can see all the fixes in this patch Google’s official Chrome release page (opens in new tab). Not only will it tell you what problem each fix solves, but it will also give credit to those who reported the problem in the first place. Sometimes these are Google employees, but can often include freelance agents seeking help.
What’s really neat about this list is that you can also see how Google compensates journalists. For example, an anonymous source (who reported it to us anyway) reported a bug after free use and we can see that they paid $5,000 for their trouble. It’s good to see that finding bugs in Chrome has at least a little reward for those who want to do both good and evil.