Google Warns Billions That Chrome Has Been Hacked, Patch This Version ASAP:
[...] The Stable Channel for the desktop edition of Chrome had an update on April 26, 2022. That update includes 30 security fixes, some of them so bad that Google is urging all users to update immediately.
The release notes for Google's Chrome v101.0.4951.41 for Windows, Mac, and Linux have a long list of bug fixes; you can view it here. However, there's also a key statement in that page.
"Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed."
Effectively the non-developer translation of the quote above is that these are serious enough to keep the details hidden from the public to avoid bad actors pouncing on them with exploits. We can tell you a good portion of the bugs that have been published lately have to do with memory manipulation and memory overflow errors, a pretty popular way for malware developers to inject code into memory and allow for arbitrary execution, which is bad. [...]
[Editor's note (hubie): On 5/22 the original article author stepped back from their initial headline and stance. The SN headline here has been changed to reflect the current article headline and relevant text updated. I moved the original text below for posterity.]
Original headline: Google Warns Billions That Chrome Has Been Hacked, Patch This Version ASAP
Original text:
This specific quote reveals that there was something very wrong in the previous version of Chrome, and possibly some Chrome extensions or utilities, that was particularly nasty. Effectively the non-developer translation of the quote above is that something so significant was found, the details are being kept hidden. And there are possibly already exploits out in the wild. [...]
(Score: 3, Informative) by Anonymous Coward on Tuesday May 03 2022, @08:12PM (6 children)
From the linked article:
Looks like someone (the linked article) was gagging for eyeballs with a sensationalist title and then had to backpedal
(Score: 0) by Anonymous Coward on Tuesday May 03 2022, @10:30PM (2 children)
Hothardware reporting fake news or SN spreading fake news?
(Score: 1, Insightful) by Anonymous Coward on Tuesday May 03 2022, @10:41PM (1 child)
I'd say hothardware, with an unintentional occurrence by SN...
I have no reason to believe that the original submission was inaccurate at the time of submitting. I don't think SN acted in bad faith.
(Score: 0) by Anonymous Coward on Tuesday May 03 2022, @11:00PM
The road to hell is paved with good intentions, eh.
(Score: 4, Informative) by hubie on Tuesday May 03 2022, @11:41PM (2 children)
Headline fixed. They retracted their original story after it was accepted and put in the queue here. Thanks for the heads up.
(Score: 2) by coolgopher on Wednesday May 04 2022, @12:03AM
Thanks for the way this was handled. It's nice being able to see what was changed easily.
(Score: 0) by Anonymous Coward on Wednesday May 04 2022, @11:34PM
I ragged on SN "editors" a ton, but you are good. Keep it up.
Perhaps, one of these days I will join you.
(Score: 4, Interesting) by Snotnose on Tuesday May 03 2022, @08:12PM (2 children)
Some hacker figured out how to block Chrome's tracking/spying activities. Maybe not block, but send the data to somewhere outside the google.com domain.
I can't see anything outside of this being the reason for the Defcon 1 response. Not like Google gives a shit about system integrity, user privacy, etc.
I just passed a drug test. My dealer has some explaining to do.
(Score: 5, Interesting) by DannyB on Tuesday May 03 2022, @08:41PM (1 child)
Google cares very deeply about keeping your personal information exclusively to Google and nobody else. Otherwise their ads could be just as targeted as Google's ads.
How often should I have my memory checked? I used to know but...
(Score: 2) by Opportunist on Wednesday May 04 2022, @02:30PM
Pretty much this. Any information I have on you is only valuable as long as it is not public information. I can only blackmail you with it if it's not already public knowledge, I can only sell it to someone if they don't already know it.
Information only has a value if you can sell it. If either everyone already knows it or nobody cares about it, it is worthless information.
(Score: 0, Funny) by Anonymous Coward on Tuesday May 03 2022, @08:41PM (1 child)
Google couldn't do a shittier job at security if they tried. Their track record is starting to make MS look competent.
(Score: 2) by Freeman on Wednesday May 04 2022, @01:29PM
Sure they could, but then their name would be Oracle.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 2, Insightful) by Anonymous Coward on Tuesday May 03 2022, @10:13PM (2 children)
Haha.
How do you like that browser monoculture now?
(Score: 0) by Anonymous Coward on Tuesday May 03 2022, @10:17PM
Agreed, "many eyeballs make all bugs shallow" cuts in more than just one direction.
(Score: 2) by Opportunist on Wednesday May 04 2022, @02:33PM
Well, to be fair, the same works for Firefox when a flaw gets discovered over there.
There is less of an incentive for blackhats to abuse it, considering its market share, I give you that. It's like with Linux, only that Linux also "suffers" from having a sizable market share in the server department.
Firefox is in that sweet spot between "small enough to not be a primary target of exploitation" and "large enough to receive considerably fast updates".
(Score: 4, Insightful) by Runaway1956 on Tuesday May 03 2022, @11:13PM
I thought Google hacked Konqueror. Apple done it first, then Google followed suit, if I recall correctly.
Abortion is the number one killer of children in the United States.
(Score: 3, Interesting) by KritonK on Wednesday May 04 2022, @09:52AM
I see that I have chrome stable v101.0.4951.54 installed, so the above version is already obsolete. Have they found even more bugs?
OpenSUSE Tumbleweed still distributes chromium v100.0.4896.127, though, and Vivaldi is based on chromium v100.0.4896.147. Neither vendor seems to be in a hurry to update to v101.